AWS Storage Gateway User Manual

AWS Storage Gateway

User Guide
API Version 2013-06-30
AWS Storage Gateway: User Guide

Table of Contents

What Is AWS Storage Gateway?
Are You a First-Time AWS Storage Gateway User?
How AWS Storage Gateway Works
Pricing
Plan Your Gateway Deployment
Getting Started
Sign Up for AWS Storage Gateway
AWS Regions
Requirements
Hardware and Storage Requirements
Network and Firewall Requirements
Supported Hypervisors and Host Requirements
Supported NFS Clients for a File Gateway
Supported SMB Clients for a File Gateway
Supported File System Operations for a File Gateway
Supported iSCSI Initiators
Supported Third-Party Backup Applications for a Tape Gateway
Accessing AWS Storage Gateway
Using the Hardware Appliance
Supported AWS Regions
Setting Up Your Hardware Appliance
Rack-Mount and Plug In Your Hardware Appliance
Configure Network Parameters
Activate Your Hardware Appliance
Launching a Gateway
Configuring an IP Address for the Gateway
Configuring Your Gateway
Removing a Gateway
Deleting Your Hardware Appliance
Creating Your Gateway
Creating a File Gateway
Creating a Gateway
Creating a File Share
Using Your File Share
Creating a Volume Gateway
Creating a Gateway
Creating a Volume
Using Your Volume
Backing Up Your Volumes
Creating a Tape Gateway
Creating a Gateway
Creating Tapes
Using Your Tape Gateway
Activating a Gateway in a Virtual Private Cloud
Creating a Gateway Using a VPC Endpoint
Managing Your Gateway
Managing Your File Gateway
Adding a File Share
Deleting a File Share
Editing Storage Settings for Your File Share
Editing Metadata Defaults for Your NFS File Share
Editing Access Settings for Your NFS File Share
Editing Access Settings for Your SMB File Share
Refreshing Objects in Your Amazon S3 Bucket
Using S3 Object Lock with File Gateway
Understanding File Share Status
File Share Best Practices
Managing Your Volume Gateway
Adding a Volume
Expanding the Size of a Volume
Cloning a Volume
Viewing Volume Usage
Deleting a Volume
Moving Your Volumes to a Different Gateway
Reducing the Amount of Billed Storage on a Volume
Creating a One-Time Snapshot
Editing a Snapshot Schedule
Deleting Snapshots
Understanding Volume Status and Transitions
Managing Your Tape Gateway
Adding Tapes
Archiving Tapes
Moving a Tape from Glacier to Deep Archive
Retrieving Archived Tapes
Viewing Tape Usage
Deleting Tapes
Disabling Your Tape Gateway
Understanding Tape Status
Monitoring Your Gateway and Resources
Understanding Gateway Metrics
AWS Storage Gateway Metrics
Dimensions for AWS Storage Gateway Metrics
Monitoring the Upload Buffer
Monitoring Cache Storage
Monitoring Your File Share
Getting Notified About File Operations
Understanding File Share Metrics
Monitoring Your Volume Gateway
Using Amazon CloudWatch Metrics
Measuring Performance Between Your Application and Gateway
Measuring Performance Between Your Gateway and AWS
Understanding Volume Metrics
Monitoring Your Tape Gateway
Using Amazon CloudWatch Metrics
Measuring Performance Between Your Tape Gateway and AWS
Logging Storage Gateway API Calls with AWS CloudTrail
Storage Gateway Information in CloudTrail
Understanding Storage Gateway Log File Entries
Maintaining Your Gateway
Shutting Down Your Gateway VM
Starting and Stopping a Volume or Tape Gateway
Managing Local Disks
Deciding the Amount of Local Disk Storage
Sizing the Upload Buffer
Sizing Cache Storage
Configuring an Upload Buffer and Cache Storage
Using Ephemeral Storage With EC2 Gateways
Managing Bandwidth
Changing Bandwidth Throttling Using the Storage Gateway Console
Using the AWS SDK for Java
Using the AWS SDK for .NET
Using the AWS Tools for Windows PowerShell
Managing Gateway Updates
Performing Maintenance Tasks on the Local Console
Performing Tasks on the VM Local Console (File Gateway)
Performing Tasks on the EC2 Local Console (File Gateway)
Performing Tasks on the VM Local Console (Volume and Tape Gateways)
Performing Tasks on the EC2 Local Console (Volume and Tape Gateways)
Accessing the Gateway Local Console
Configuring Network Adapters for Your Gateway
Deleting Your Gateway and Removing Resources
Deleting Your Gateway by Using the AWS Storage Gateway Console
Removing Resources from a Gateway Deployed On-Premises
Removing Resources from a Gateway Deployed on an Amazon EC2 Instance
Performance
Performance Guidance for File Gateways
Performance Guidance for Tape Gateways
Optimizing Gateway Performance
Add Resources to Your Gateway
Use a Larger Block Size for Tape Drives
Optimize the Performance of Virtual Tape Drives
Add Resources to Your Application Environment
Security
Creating a gateway in a VPC
Create a VPC Endpoint
Configuring CHAP Authentication
Viewing and Editing CHAP Credentials
Encrypting Your Data Using AWS KMS
Authentication and Access Control
Authentication
Access Control
Overview of Managing Access
Using Identity-Based Policies (IAM Policies)
Using Tags to Control Access to File Gateway Resources
Using ACLs for SMB File Share Access
Storage Gateway API Permissions Reference
Troubleshooting Your Gateway
Troubleshooting On-Premises Gateway Issues
Enabling AWS Support To Help Troubleshoot Your Gateway
Troubleshooting Your Microsoft Hyper-V Setup
Troubleshooting Amazon EC2 Gateway Issues
Your Gateway Activation Hasn't Occurred After a Few Moments
You Can't Find Your EC2 Gateway Instance in the Instance List
You Created an Amazon EBS Volume But Can't Attach it to Your EC2 Gateway Instance
You Can't Attach an Initiator to a Volume Target of Your EC2 Gateway
You Get a Message That You Have No Disks Available When You Try to Add Storage Volumes
You Want to Remove a Disk Allocated as Upload Buffer Space to Reduce Upload Buffer Space
Throughput to or from Your EC2 Gateway Drops to Zero
You Want Your File Gateway to Use a C5 or M5 EC2 Instance Type Instead of C4 or M4
Get AWS Support to Help Troubleshoot Your Gateway
Troubleshooting Hardware Appliance Issues
You Can't Determine the Service IP Address
How Do You Perform a Factory Reset?
Where Do You Obtain Dell iDRAC Support?
You Can't Find the Hardware Appliance Serial Number
Where to Obtain Hardware Appliance Support
Troubleshooting File Share Issues
Your File Share Is Stuck in CREATING Status
You Can't Create a File Share
SMB File Shares Do Not Allow Multiple Different Access Methods
Multiple File Shares Can't Write to the Mapped Amazon S3 Bucket
You Can't Upload Files into Your S3 Bucket
Can't Change the Default Encryption to Use SSE-KMS to Encrypt Objects Stored in My Amazon S3 Bucket
Object Versioning Might Affect What You See in Your File System
ACL Permissions Aren't Working as Expected
Your Gateway Performance Declined After You Performed a Recursive Operation
Troubleshooting Volume Issues
The Console Says That Your Volume Is Not Configured
The Console Says That Your Volume Is Irrecoverable
Your Cached Gateway is Unreachable And You Want to Recover Your Data
The Console Says That Your Volume Has PASS THROUGH Status
You Want to Verify Volume Integrity and Fix Possible Errors
Your Volume's iSCSI Target Doesn’t Appear in Windows Disk Management Console
You Want to Change Your Volume's iSCSI Target Name
Your Scheduled Volume Snapshot Did Not Occur
You Need to Remove or Replace a Disk That Has Failed
Throughput from Your Application to a Volume Has Dropped to Zero
A Cache Disk in Your Gateway Encounters a Failure
A Volume Snapshot Has PENDING Status Longer Than Expected
Troubleshooting Virtual Tape Issues
Recovering a Virtual Tape From An Unrecoverable Gateway
Troubleshooting Irrecoverable Tapes
Recovering Your Data: Best Practices
Recovering from an Unexpected Virtual Machine Shutdown
Recovering Your Data from a Malfunctioning Gateway or VM
Retrieving Your Data from an Irrecoverable Volume
Recovering Your Data from an Irrecoverable Tape
Recovering Your Data from a Malfunctioning Cache Disk
Recovering Your Data from a Corrupted File System
Recovering Your Data From An Inaccessible Data Center
Additional Resources
Host Setup
Configuring VMware for Storage Gateway
Synchronizing Your Gateway VM Time
Volume or Tape Gateway on Amazon EC2 Host
File Gateway on EC2 Host
Volume Gateway
Removing Disks from Your Gateway
EBS Volumes for EC2 Gateways
Tape Gateway
Working with VTL Devices
Working with Tapes
Getting Activation Key
AWS CLI
Linux (bash/zsh)
Microsoft Windows PowerShell
Connecting iSCSI Initiators
Connecting to Your Volumes to a Windows Client
Connecting to VTL Devices
Connecting Your Volumes or VTL Devices to a Linux Client
Customizing iSCSI Settings
Configuring CHAP Authentication ... 377
Using AWS Direct Connect with Storage Gateway ... 386
Port Requirements ... 386
Connecting to Your Gateway ... 391
Getting an IP Address from an Amazon EC2 Host ... 391
Understanding Resources and Resource IDs ... 392
Working with Resource IDs ... 393
Tagging Your Resources ... 393
Working with Tags ... 394
See Also ... 395
Open-Source Components ... 395
Storage Gateway Limits ... 395
Limits for File Shares ... 395
Limits for Volumes ... 396
Limits for Tapes ... 396
Recommended Local Disk Sizes For Your Gateway ... 397
Using Storage Classes ... 397
Using Infrequent Access Storage Class With File Gateway ... 397
Using GLACIER Storage Class With File Gateway ... 398
API Reference ... 399
Required Request Headers ... 399
Signing Requests ... 400
Example Signature Calculation ... 401
Error Responses ... 402
Exceptions ... 403
Operation Error Codes ... 404
Error Responses ... 416
Operations ... 418
Document History ... 419
Earlier Updates ... 421

What Is AWS Storage Gateway?

AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure. You can use the service to store data in the AWS Cloud for scalable and cost-effective storage that helps maintain data security.
AWS Storage Gateway offers file-based, volume-based, and tape-based storage solutions:
File Gateway – A file gateway supports a file interface into Amazon Simple Storage Service (Amazon S3) and combines a service and a virtual software appliance. By using this combination, you can store and retrieve objects in Amazon S3 using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB). The software appliance, or gateway, is deployed into your on-premises environment as a virtual machine (VM) running on VMware ESXi or Microsoft Hyper-V hypervisor. The gateway provides access to objects in S3 as files or file share mount points. With a file gateway, you can do the following:
• You can store and retrieve files directly using the NFS version 3 or 4.1 protocol.
• You can store and retrieve files directly using the SMB version 2 and 3 protocols.
• You can access your data directly in Amazon S3 from any AWS Cloud application or service.
• You can manage your Amazon S3 data using lifecycle policies, cross-region replication, and versioning.
You can think of a file gateway as a file system mount on S3.
A file gateway simplifies file storage in Amazon S3, integrates with existing applications through industry-standard file system protocols, and provides a cost-effective alternative to on-premises storage. It also provides low-latency access to data through transparent local caching. A file gateway manages data transfer to and from AWS, buffers applications from network congestion, optimizes and streams data in parallel, and manages bandwidth consumption. File gateways integrate with AWS services, for example with the following:
• Common access management using AWS Identity and Access Management (IAM)
• Encryption using AWS Key Management Service (AWS KMS)
• Monitoring using Amazon CloudWatch (CloudWatch)
• Audit using AWS CloudTrail (CloudTrail)
• Operations using the AWS Management Console and AWS Command Line Interface (AWS CLI)
• Billing and cost management
Volume Gateway – A volume gateway provides cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers. The gateway supports the following volume configurations:
Cached volumes – You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data.
Stored volumes – If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive offsite backups that you can recover to your local data center or Amazon EC2. For example, if you need replacement capacity for disaster recovery, you can recover the backups to Amazon EC2.
Tape Gateway – With a tape gateway, you can cost-effectively and durably archive backup data in GLACIER or DEEP_ARCHIVE. A tape gateway provides a virtual tape infrastructure that scales seamlessly with your business needs and eliminates the operational burden of provisioning, scaling, and maintaining a physical tape infrastructure.
You can run AWS Storage Gateway either on-premises as a VM appliance, as a hardware appliance, or in AWS as an Amazon Elastic Compute Cloud (Amazon EC2) instance. You deploy your gateway on an EC2 instance to provision iSCSI storage volumes in AWS. You can use gateways hosted on EC2 instances for disaster recovery, data mirroring, and providing storage for applications hosted on Amazon EC2.
For an architectural overview, see How AWS Storage Gateway Works (Architecture) (p. 2). To see the wide range of use cases that AWS Storage Gateway helps make possible, see the AWS Storage Gateway detail page.
To get started with Storage Gateway, see the following.
Topics
Are You a First-Time AWS Storage Gateway User? (p. 2)
How AWS Storage Gateway Works (Architecture) (p. 2)
AWS Storage Gateway Pricing (p. 8)
Plan Your Storage Gateway Deployment (p. 8)
Are You a First-Time AWS Storage Gateway User?
In the following documentation, you can find a Getting Started section that covers setup information common to all gateways and also gateway-specific setup sections. The Getting Started section shows you how to deploy, activate, and configure storage for a gateway. The management section shows you how to manage your gateway and resources:
Creating a File Gateway (p. 36) provides instructions on how to create and use a file gateway. It shows you how to create a file share, map your drive to an Amazon S3 bucket, and upload files and folders to Amazon S3.
Creating a Volume Gateway (p. 56) describes how to create and use a volume gateway. It shows you how to create storage volumes and back up data to the volumes.
Creating a Tape Gateway (p. 75) provides instructions on how to create and use a tape gateway. It shows you how to back up data to virtual tapes and archive the tapes.
Managing Your Gateway (p. 144) describes how to perform management tasks for all gateway types and resources.
In this guide, you can primarily find how to work with gateway operations by using the AWS Management Console. If you want to perform these operations programmatically, see the AWS Storage Gateway API Reference.

How AWS Storage Gateway Works (Architecture)

Following, you can find an architectural overview of the available AWS Storage Gateway solutions.
Topics
File Gateways (p. 3)
Volume Gateways (p. 3)
Tape Gateways (p. 6)
File Gateways
To use a file gateway, you start by downloading a VM image for the file gateway. You then activate the file gateway from the AWS Management Console or through the Storage Gateway API. You can also create a file gateway using an Amazon EC2 image.
After the file gateway is activated, you create and configure your file share and associate that share with your Amazon S3 bucket. Doing this makes the share accessible by clients using either the NFS or SMB protocol. Files written to a file share become objects in Amazon S3, with the path as the key. There is a one-to-one mapping between files and objects, and the gateway asynchronously updates the objects in Amazon S3 as you change the files. Existing objects in the bucket appear as files in the file system, and the key becomes the path. Objects are encrypted with Amazon S3–server-side encryption keys (SSE-S3). All data transfer is done through HTTPS.
The service optimizes data transfer between the gateway and AWS using multipart parallel uploads or byte-range downloads, to better use the available bandwidth. Local cache is maintained to provide low latency access to the recently accessed data and reduce data egress charges. CloudWatch metrics provide insight into resource use on the VM and data transfer to and from AWS. CloudTrail tracks all API calls.
With file gateway storage, you can do such tasks as ingesting cloud workloads to S3, performing backup and archive, tiering and migrating storage data to the AWS Cloud. The following diagram provides an overview of file storage deployment for Storage Gateway.

Volume Gateways

For volume gateways, you can use either cached volumes or stored volumes.
Topics
Cached Volumes Architecture (p. 3)
Stored Volumes Architecture (p. 5)
Cached Volumes Architecture
By using cached volumes, you can use Amazon S3 as your primary data storage, while retaining frequently accessed data locally in your storage gateway. Cached volumes minimize the need to scale your on-premises storage infrastructure, while still providing your applications with low-latency access to their frequently accessed data. You can create storage volumes up to 32 TiB in size and attach to them as iSCSI devices from your on-premises application servers. Your gateway stores data that you write to these volumes in Amazon S3 and retains recently read data in your on-premises storage gateway's cache and upload buffer storage.
Cached volumes can range from 1 GiB to 32 TiB in size and must be rounded to the nearest GiB. Each gateway configured for cached volumes can support up to 32 volumes for a total maximum storage volume of 1,024 TiB (1 PiB).
In the cached volumes solution, AWS Storage Gateway stores all your on-premises application data in a storage volume in Amazon S3. The following diagram provides an overview of the cached volumes deployment.
After you install the Storage Gateway software appliance—the VM—on a host in your data center and activate it, you use the AWS Management Console to provision storage volumes backed by Amazon S3. You can also provision storage volumes programmatically using the AWS Storage Gateway API or the AWS SDK libraries. You then mount these storage volumes to your on-premises application servers as iSCSI devices.
You also allocate disks on-premises for the VM. These on-premises disks serve the following purposes:
Disks for use by the gateway as cache storage – As your applications write data to the storage volumes in AWS, the gateway first stores the data on the on-premises disks used for cache storage. Then the gateway uploads the data to Amazon S3. The cache storage acts as the on-premises durable store for data that is waiting to upload to Amazon S3 from the upload buffer.
The cache storage also lets the gateway store your application's recently accessed data on-premises for low-latency access. If your application requests data, the gateway first checks the cache storage for the data before checking Amazon S3.
You can use the following guidelines to determine the amount of disk space to allocate for cache storage. Generally, you should allocate at least 20 percent of your existing file store size as cache storage. Cache storage should also be larger than the upload buffer. This guideline helps make sure that cache storage is large enough to persistently hold all data in the upload buffer that has not yet been uploaded to Amazon S3.
Disks for use by the gateway as the upload buffer – To prepare for upload to Amazon S3, your gateway also stores incoming data in a staging area, referred to as an upload buffer. Your gateway uploads this buffer data over an encrypted Secure Sockets Layer (SSL) connection to AWS, where it is stored encrypted in Amazon S3.
You can take incremental backups, called snapshots, of your storage volumes in Amazon S3. These point-in-time snapshots are also stored in Amazon S3 as Amazon EBS snapshots. When you take a new snapshot, only the data that has changed since your last snapshot is stored. You can initiate snapshots on a scheduled or one-time basis. When you delete a snapshot, only the data not needed for any other snapshots is removed. For information about Amazon EBS snapshots, see Amazon EBS Snapshots.
You can restore an Amazon EBS snapshot to a gateway storage volume if you need to recover a backup of your data. Alternatively, for snapshots up to 16 TiB in size, you can use the snapshot as a starting point for a new Amazon EBS volume. You can then attach this new Amazon EBS volume to an Amazon EC2 instance.
All gateway data and snapshot data for cached volumes is stored in Amazon S3 and encrypted at rest using server-side encryption (SSE). However, you can't access this data with the Amazon S3 API or other tools such as the Amazon S3 Management Console.
Stored Volumes Architecture
By using stored volumes, you can store your primary data locally, while asynchronously backing up that data to AWS. Stored volumes provide your on-premises applications with low-latency access to their entire datasets. At the same time, they provide durable, offsite backups. You can create storage volumes and mount them as iSCSI devices from your on-premises application servers. Data written to your stored volumes is stored on your on-premises storage hardware. This data is asynchronously backed up to Amazon S3 as Amazon Elastic Block Store (Amazon EBS) snapshots.
Stored volumes can range from 1 GiB to 16 TiB in size and must be rounded to the nearest GiB. Each gateway configured for stored volumes can support up to 32 volumes and a total volume storage of 512 TiB (0.5 PiB).
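The following preflight check is an added example, not code from this guide or from AWS. It applies the cached and stored volume limits and the cache storage guidelines stated above to a planned gateway before anything is provisioned; the `GatewayPlan` record, its field names, and the finding codes are assumptions of this example.

```python
from dataclasses import dataclass, field

TIB = 1024  # GiB per TiB

# Limits as stated in this guide's cached and stored volumes sections.
LIMITS = {
    "cached": {"max_volume_gib": 32 * TIB, "max_volumes": 32, "max_total_gib": 1024 * TIB},
    "stored": {"max_volume_gib": 16 * TIB, "max_volumes": 32, "max_total_gib": 512 * TIB},
}
MIN_VOLUME_GIB = 1


@dataclass
class GatewayPlan:
    """Hypothetical planning record; field names are assumptions of this example."""
    mode: str                                   # "cached" or "stored"
    volume_sizes_gib: list = field(default_factory=list)
    cache_gib: int = 0                          # local disk planned as cache storage
    upload_buffer_gib: int = 0                  # local disk planned as upload buffer
    existing_file_store_gib: int = 0            # size of the data set being moved


def check_plan(plan):
    """Return a list of (code, message) findings; an empty list means the plan fits."""
    if plan.mode not in LIMITS:
        raise ValueError(f"unknown volume mode: {plan.mode!r}")
    lim = LIMITS[plan.mode]
    findings = []

    count = len(plan.volume_sizes_gib)
    if count > lim["max_volumes"]:
        findings.append(("VOLUME_COUNT",
                         f"{count} volumes exceeds the limit of {lim['max_volumes']}"))

    for i, size in enumerate(plan.volume_sizes_gib):
        # Volume sizes must be a whole number of GiB.
        if size != int(size):
            findings.append(("NOT_WHOLE_GIB",
                             f"volume {i}: {size} GiB is not a whole number of GiB"))
        if not MIN_VOLUME_GIB <= size <= lim["max_volume_gib"]:
            findings.append(("VOLUME_SIZE",
                             f"volume {i}: {size} GiB is outside "
                             f"{MIN_VOLUME_GIB}..{lim['max_volume_gib']} GiB"))

    total = sum(plan.volume_sizes_gib)
    if total > lim["max_total_gib"]:
        findings.append(("TOTAL_CAPACITY",
                         f"{total} GiB total exceeds {lim['max_total_gib']} GiB"))

    if plan.mode == "cached":
        # Guideline: cache storage is at least 20 percent of the existing file store.
        # Integer arithmetic (x * 5 >= y) avoids floating-point rounding at the boundary.
        if plan.cache_gib * 5 < plan.existing_file_store_gib:
            findings.append(("CACHE_BELOW_20_PERCENT",
                             f"cache {plan.cache_gib} GiB is under 20% of "
                             f"{plan.existing_file_store_gib} GiB"))
        # Guideline: cache storage is larger than the upload buffer, so it can hold
        # all data that has not yet been uploaded to Amazon S3.
        if plan.cache_gib <= plan.upload_buffer_gib:
            findings.append(("CACHE_NOT_ABOVE_UPLOAD_BUFFER",
                             f"cache {plan.cache_gib} GiB is not larger than "
                             f"upload buffer {plan.upload_buffer_gib} GiB"))
    return findings


if __name__ == "__main__":
    # Constructed sample plan: one oversized volume and an undersized cache.
    sample = GatewayPlan("cached", [33 * TIB, 512], cache_gib=100,
                         upload_buffer_gib=150, existing_file_store_gib=1000)
    for code, message in check_plan(sample):
        print(f"{code}: {message}")
```
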
With stored volumes, you maintain your volume storage on-premises in your data center. That is, you store all your application data on your on-premises storage hardware. Then, using features that help maintain data security, the gateway uploads data to the AWS Cloud for cost-effective backup and rapid disaster recovery. This solution is ideal if you want to keep data locally on-premises, because you need to have low-latency access to all your data, and also to maintain backups in AWS.
The following diagram provides an overview of the stored volumes deployment.
After you install the AWS Storage Gateway software appliance—the VM—on a host in your data center and activate it, you can create gateway storage volumes. You then map them to on-premises direct-attached storage (DAS) or storage area network (SAN) disks. You can start with either new disks or disks already holding data. You can then mount these storage volumes to your on-premises application servers as iSCSI devices. As your on-premises applications write data to and read data from a gateway's storage volume, this data is stored and retrieved from the volume's assigned disk.
To prepare data for upload to Amazon S3, your gateway also stores incoming data in a staging area, referred to as an upload buffer. You can use on-premises DAS or SAN disks for working storage. Your gateway uploads data from the upload buffer over an encrypted Secure Sockets Layer (SSL) connection to the AWS Storage Gateway service running in the AWS Cloud. The service then stores the data encrypted in Amazon S3.
You can take incremental backups, called snapshots, of your storage volumes. The gateway stores these snapshots in Amazon S3 as Amazon EBS snapshots. When you take a new snapshot, only the data that has changed since your last snapshot is stored. You can initiate snapshots on a scheduled or one-time basis. When you delete a snapshot, only the data not needed for any other snapshot is removed.
You can restore an Amazon EBS snapshot to an on-premises gateway storage volume if you need to recover a backup of your data. You can also use the snapshot as a starting point for a new Amazon EBS volume, which you can then attach to an Amazon EC2 instance.
Tape Gateways
Tape Gateway offers a durable, cost-effective solution to archive your data in the AWS Cloud. With its virtual tape library (VTL) interface, you use your existing tape-based backup infrastructure to store data on virtual tape cartridges that you create on your tape gateway. Each tape gateway is preconfigured with a media changer and tape drives. These are available to your existing client backup applications as iSCSI devices. You add tape cartridges as you need to archive your data.
The following diagram provides an overview of tape gateway deployment.
The diagram identifies the following tape gateway components:
Virtual tape – A virtual tape is like a physical tape cartridge. However, virtual tape data is stored in the AWS Cloud. Like physical tapes, virtual tapes can be blank or can have data written on them. You can create virtual tapes either by using the Storage Gateway console or programmatically by using the Storage Gateway API. Each gateway can contain up to 1500 tapes or up to 1 PiB of total tape data at a time. The size of each virtual tape, which you can configure when you create the tape, is between 100 GiB and 2.5 TiB.
Virtual tape library (VTL) – A VTL is like a physical tape library available on-premises with robotic arms and tape drives. Your VTL includes the collection of stored virtual tapes. Each tape gateway comes with one VTL.
The virtual tapes that you create appear in your gateway's VTL. Tapes in the VTL are backed up by Amazon S3. As your backup software writes data to the gateway, the gateway stores data locally and then asynchronously uploads it to virtual tapes in your VTL—that is, Amazon S3.
Tape drive – A VTL tape drive is analogous to a physical tape drive that can perform I/O and seek operations on a tape. Each VTL comes with a set of 10 tape drives, which are available to your backup application as iSCSI devices.
Media changer – A VTL media changer is analogous to a robot that moves tapes around in a physical tape library's storage slots and tape drives. Each VTL comes with one media changer, which is available to your backup application as an iSCSI device.
Archive – Archive is analogous to an offsite tape holding facility. You can archive tapes from your gateway's VTL to the archive. If needed, you can retrieve tapes from the archive back to your gateway's VTL.
Archiving tapes – When your backup software ejects a tape, your gateway moves the tape to the archive for long-term storage. The archive is located in the AWS Region in which you activated the gateway. Tapes in the archive are stored in the virtual tape shelf (VTS). The VTS is backed by S3 Glacier or S3 Glacier Deep Archive, low-cost storage services for data archiving, backup, and long-term data retention.
Retrieving tapes – You can't read archived tapes directly. To read an archived tape, you must first retrieve it to your tape gateway either by using the Storage Gateway console or by using the Storage Gateway API. When you retrieve a tape that is archived in GLACIER, it becomes available in your VTL in about three to five hours after you start retrieval. When you retrieve a tape that is archived in DEEP_ARCHIVE, it becomes available in your VTL in about 12 hours after you start retrieval.
After you deploy and activate a tape gateway, you mount the virtual tape drives and media changer on your on-premises application servers as iSCSI devices. You create virtual tapes as needed. Then you use your existing backup software application to write data to the virtual tapes. The media changer loads and unloads the virtual tapes into the virtual tape drives for read and write operations.
Allocating Local Disks for the Gateway VM
Your gateway VM needs local disks, which you allocate for the following purposes:
Cache storage – The cache storage acts as the durable store for data that is waiting to upload to Amazon S3 from the upload buffer.
If your application reads data from a virtual tape, the gateway saves the data to the cache storage. The gateway stores recently accessed data in the cache storage for low-latency access. If your application requests tape data, the gateway first checks the cache storage for the data before downloading the data from AWS.
Upload buffer – The upload buffer provides a staging area for the gateway before it uploads the data to a virtual tape. The upload buffer is also critical for creating recovery points that you can use to recover tapes from unexpected failures. For more information, see You Need to Recover a Virtual Tape from a Malfunctioning Tape Gateway (p. 335).
As your backup application writes data to your gateway, the gateway copies data to both the cache storage and the upload buffer. It then acknowledges completion of the write operation to your backup application.
For guidelines on the amount of disk space to allocate for the cache storage and upload buffer, see Deciding the Amount of Local Disk Storage (p. 220).

AWS Storage Gateway Pricing

For current information about pricing, see Pricing on the AWS Storage Gateway details page.

Plan Your Storage Gateway Deployment

By using the AWS Storage Gateway software appliance, you can connect your existing on-premises application infrastructure with scalable, cost-effective AWS cloud storage that provides data security features.
To deploy Storage Gateway, you first need to decide on the following two things:
1. Your storage solution – Choose from one of the following storage solutions:
File Gateway – You can use a file gateway to ingest files to Amazon S3 for use by object-based workloads and for cost-effective storage for traditional backup applications. You can also use it to tier on-premises file storage to S3. You can cost-effectively and durably store and retrieve your on-premises objects in Amazon S3 using industry-standard file protocols.
Volume Gateway – Using volume gateways, you can create storage volumes in the AWS Cloud. Your on-premises applications can access these as Internet Small Computer System Interface (iSCSI) targets. There are two options—cached and stored volumes.
With cached volumes, you store volume data in AWS, with a small portion of recently accessed data in the cache on-premises. This approach enables low-latency access to your frequently accessed dataset. It also provides seamless access to your entire dataset stored in AWS. By using cached volumes, you can scale your storage resource without having to provision additional hardware.
With stored volumes, you store the entire set of volume data on-premises and store periodic point-in-time backups (snapshots) in AWS. In this model, your on-premises storage is primary, delivering low-latency access to your entire dataset. AWS storage is the backup that you can restore in the event of a disaster in your data center.
For an architectural overview of volume gateways, see Cached Volumes Architecture (p. 3) and Stored Volumes Architecture (p. 5).
Tape Gateway – If you are looking for a cost-effective, durable, long-term, offsite alternative for data archiving, deploy a tape gateway. With its virtual tape library (VTL) interface, you can use your existing tape-based backup software infrastructure to store data on virtual tape cartridges that you create. For more information, see Supported Third-Party Backup Applications for a Tape Gateway (p. 22). When you archive tapes, you don't worry about managing tapes on your premises and arranging shipments of tapes offsite. For an architectural overview, see Tape Gateways (p. 6).
2. Hosting option – You can run Storage Gateway either on-premises as a VM appliance or as a hardware appliance, or in AWS as an Amazon EC2 instance. For more information, see Requirements (p. 10). If your data center goes offline and you don't have an available host, you can deploy a gateway on an EC2 instance. Storage Gateway provides an Amazon Machine Image (AMI) that contains the gateway VM image.
Additionally, as you configure a host to deploy a gateway software appliance, you need to allocate sufficient storage for the gateway VM.
Before you continue to the next step, make sure that you have done the following:
1. For a gateway deployed on-premises, you chose the type of host, VMware ESXi Hypervisor or Microsoft Hyper-V, and set it up. For more information, see Requirements (p. 10). If you deploy the gateway behind a firewall, make sure that ports are accessible to the gateway VM. For more information, see Requirements (p. 10).
2. For a tape gateway, you have installed client backup software. For more information, see Supported Third-Party Backup Applications for a Tape Gateway (p. 22).

Getting Started

In this section, you can find instructions about how to get started with AWS Storage Gateway. To get started, you first sign up for AWS. If you are a first-time user, we recommend that you read the regions and requirements section.
Topics
Sign Up for AWS Storage Gateway (p. 10)
AWS Regions (p. 10)
Requirements (p. 10)
Accessing AWS Storage Gateway (p. 23)
Sign Up for AWS Storage Gateway
To use AWS Storage Gateway, you need an AWS account that gives you access to all AWS resources, forums, support, and usage reports. You aren't charged for any of the services unless you use them. If you already have an AWS account, you can skip this step.
To sign up for an AWS account
1. Open https://portal.amazonaws.cn/billing/signup.
2. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
For information about pricing, see AWS Storage Gateway Pricing on the AWS Storage Gateway detail page.

AWS Regions

AWS Storage Gateway stores volume, snapshot, tape, and file data in the AWS Region in which your gateway is activated. File data is stored in the AWS Region where your Amazon S3 bucket is located. You select an AWS Region at the upper right of the AWS Storage Gateway Management Console before you start deploying your gateway.
• Storage Gateway—For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Note
Tape gateway is not available in the South America (São Paulo) Region.
• AWS Storage Gateway Hardware Appliance—For supported AWS Regions you can use with the hardware appliance, see AWS Storage Gateway Hardware Appliance Regions in the AWS General Reference.

Requirements

Unless otherwise noted, the following requirements are common to all gateway configurations.
Topics
Hardware and Storage Requirements (p. 11)
Network and Firewall Requirements (p. 12)
Supported Hypervisors and Host Requirements (p. 20)
Supported NFS Clients for a File Gateway (p. 21)
Supported SMB Clients for a File Gateway (p. 21)
Supported File System Operations for a File Gateway (p. 21)
Supported iSCSI Initiators (p. 22)
Supported Third-Party Backup Applications for a Tape Gateway (p. 22)
Hardware and Storage Requirements
In this section, you can find information about the minimum hardware and settings for your gateway and the minimum amount of disk space to allocate for the required storage. For information about best practices for file gateway performance, see Performance Guidance for File Gateways (p. 285).
Hardware Requirements for On-Premises VMs
When deploying your gateway on-premises, you must make sure that the underlying hardware on which you deploy the gateway VM can dedicate the following minimum resources:
• Four virtual processors assigned to the VM.
• 16 GiB of reserved RAM assigned to the VM.
• 80 GiB of disk space for installation of VM image and system data.
For more information, see Optimizing Gateway Performance (p. 287). For information about how your hardware affects the performance of the gateway VM, see AWS Storage Gateway Limits (p. 395).
Requirements for Amazon EC2 Instance Types
When deploying your gateway on Amazon EC2, the instance size must be at least xlarge for your gateway to function. However, for the compute-optimized instance family the size must be at least 2xlarge. Use one of the following instance types recommended for your gateway type.
Recommended for file gateway types
• General-purpose instance family—m4 or m5 instance types.
• Compute-optimized instance family—c4 or c5 instance types. Select the 2xlarge instance size or higher to meet the required RAM requirements.
• Memory-optimized instance family—r3 instance types.
• Storage-optimized instance family—i3 instance types.
Note
When you launch your gateway in EC2, and the instance type you’ve selected supports ephemeral storage, the disks will be listed automatically. To learn more about Amazon EC2 instance storage, see here. Note that application writes are stored in the cache synchronously, and then asynchronously uploaded to durable storage in Amazon S3. If the ephemeral storage is lost because an instance stops before the upload is complete, then the data that still resides in cache and has not yet been written to S3 can be lost. Before you stop the instance that hosts the gateway, make sure the CachePercentDirty CloudWatch metric is 0. For more information about monitoring metrics for your storage gateway, see storage gateway metrics and dimensions.
If you have more than 5 million objects in your Amazon S3 bucket and you are using a General Purpose SSD volume, a minimum root EBS volume of 350 GiB is needed for acceptable performance of your gateway during startup. For information about how to increase your volume size, see Modifying an EBS Volume from the Console.
Recommended for cached volumes and tape gateway types
• General-purpose instance family—m4 or m5 instance types. We don't recommend using the m4.16xlarge instance type.
• Compute-optimized instance family—c4 or c5 instance types. Select the 2xlarge instance size or higher to meet the required RAM requirements.
• Storage-optimized instance family—d2, i2, or i3 instance types.
Note
When you create any gateway type using the c4 or m4 instance type, it can't be changed to the c5 or m5 instance type. For information about how to upgrade your instance to the c5 or m5 instance type, see You Want Your File Gateway to Use a C5 or M5 EC2 Instance Type Instead of C4 or M4 (p. 324).
Storage Requirements
In addition to 80 GiB disk space for the VM, you also need additional disks for your gateway.
The following table recommends sizes for local disk storage for your deployed gateway.
| Gateway Type | Cache (Minimum) | Cache (Maximum) | Upload Buffer (Minimum) | Upload Buffer (Maximum) | Other Required Local Disks |
|---|---|---|---|---|---|
| File gateway | 150 GiB | 16 TiB | | | |
| Cached volume gateway | 150 GiB | 16 TiB | 150 GiB | 2 TiB | |
| Stored volume gateway | | | 150 GiB | 2 TiB | 1 or more for stored volume or volumes |
| Tape gateway | 150 GiB | 16 TiB | 150 GiB | 2 TiB | |
Note
You can configure one or more local drives for your cache and upload buffer, up to the maximum capacity. When adding cache or upload buffer to an existing gateway, it's important to create new disks in your host (hypervisor or Amazon EC2 instance). Don't change the size of existing disks if the disks have been previously allocated as either a cache or upload buffer.
For information about gateway limits, see AWS Storage Gateway Limits (p. 395).
Network and Firewall Requirements
Your gateway requires access to the internet, local networks, Domain Name Service (DNS) servers, firewalls, routers, and so on. Following, you can find information about required ports and how to allow access through firewalls and routers.
Note
In some cases, you might deploy AWS Storage Gateway on Amazon EC2 or use other types of deployment (including on-premises) with network security policies that restrict AWS IP address ranges. In these cases, your gateway might experience service connectivity issues when the AWS IP range values change. The AWS IP address range values that you need to use are in the Amazon service subset for the AWS Region that you activate your gateway in. For the current IP range values, see AWS IP Address Ranges in the AWS General Reference.
Topics
Port Requirements (p. 13)
Networking and Firewall Requirements for the AWS Storage Gateway Hardware Appliance (p. 17)
Allowing AWS Storage Gateway Access Through Firewalls and Routers (p. 19)
Configuring Security Groups for Your Amazon EC2 Gateway Instance (p. 20)
Port Requirements
AWS Storage Gateway requires certain ports to be allowed for its operation. The following illustrations show the required ports that you must allow for each type of gateway. Some ports are required by all gateway types, and others are required by specific gateway types. For more information about port requirements, see Port Requirements (p. 386).
Common ports for all gateway types
The following ports are common to all gateway types and are required by all gateway types.
| Protocol | Port | Direction | Source | Destination | How Used |
|---|---|---|---|---|---|
| TCP | 443 (HTTPS) | Outbound | Storage Gateway | AWS | For communication from AWS Storage Gateway to the AWS service endpoint. For information about service endpoints, see Allowing AWS Storage Gateway Access Through Firewalls and Routers (p. 19). |
| TCP | 80 (HTTP) | Inbound | AWS Management Console | Storage Gateway | By local systems to obtain the storage gateway activation key. Port 80 is only used during activation of the Storage Gateway appliance. AWS Storage Gateway does not require port 80 to be publicly accessible. The required level of access to port 80 depends on your network configuration. If you activate your gateway from the AWS Storage Gateway Management Console, the host from which you connect to the console must have access to your gateway’s port 80. |
| UDP/UDP | 53 (DNS) | Outbound | Storage Gateway | Domain Name Service (DNS) server | For communication between AWS Storage Gateway and the DNS server. |
| TCP | 22 (Support channel) | Outbound | Storage Gateway | AWS Support | Allows AWS Support to access your gateway to help you with troubleshooting gateway issues. You don't need this port open for the normal operation of your gateway, but it is required for troubleshooting. |
| UDP | 123 (NTP) | Outbound | NTP client | NTP server | Used by local systems to synchronize VM time to the host time. |
Ports for file gateways
The following illustration shows the ports to open for a file gateway.
Note
For specific port requirements (including NFS and SMB port requirements), see Port Requirements (p. 386).
You only need to use Microsoft Active Directory when you want to allow domain users to access a Server Message Block (SMB) file share. You can join your file gateway to any valid Microsoft Windows domain (resolvable by DNS).
You can also use the AWS Directory Service to create an AWS-managed Microsoft Active Directory in the AWS Cloud. For most AWS-managed Active Directory deployments, you need to configure the Dynamic Host Configuration Protocol (DHCP) service for your VPC. For more information about how to create a DHCP options set, see here.
In addition to the common ports, file gateways require the following ports.
| Protocol | Port | Direction | Source | Destination | How Used |
|---|---|---|---|---|---|
| TCP/UDP | 2049 (NFS) | Inbound | NFS Clients | Storage Gateway | For local systems to connect to NFS shares that your gateway exposes. |
| TCP/UDP | 111 (NFSv3) | Inbound | NFSv3 client | Storage Gateway | For local systems to connect to the port mapper that your gateway exposes. Note: This port is needed only for NFSv3. |
| TCP/UDP | 20048 (NFSv3) | Inbound | NFSv3 client | Storage Gateway | For local systems to connect to mounts that your gateway exposes. Note: This port is needed only for NFSv3. |
Ports for volume and tape gateways
The following illustration shows the ports to open for volume and tape gateways.
In addition to the common ports, volume and tape gateways require the following port.
| Protocol | Port | Direction | Source | Destination | How Used |
|---|---|---|---|---|---|
| TCP | 3260 (iSCSI) | Inbound | iSCSI Initiators | Storage Gateway | By local systems to connect to iSCSI targets exposed by the gateway. |

For detailed information about port requirements, see Port Requirements (p. 386) in the Additional AWS Storage Gateway Resources section.
Networking and Firewall Requirements for the AWS Storage Gateway Hardware Appliance
Each AWS Storage Gateway Hardware Appliance requires the following network services:
• Internet access – an always-on network connection to the internet through any network interface on the server.
• DNS services – DNS services for communication between the hardware appliance and DNS server.
• Time synchronization – an automatically configured Amazon NTP time service must be reachable.
• IP address – A DHCP or static IPv4 address assigned. You cannot assign an IPv6 address.
There are five physical network ports at the rear of the Dell PowerEdge R640 server. From left to right (facing the back of the server) these ports are as follows:
1. iDRAC
2. em1
3. em2
4. em3
5. em4
You can use the iDRAC port for remote server management.
A hardware appliance requires the following ports to operate.
| Protocol | Port | Direction | Source | Destination | How Used |
|---|---|---|---|---|---|
| SSH | 22 | Outbound | Hardware appliance | 54.201.223.107 | Support channel |
| DNS | 53 | Outbound | Hardware appliance | DNS servers | Name resolution |
| UDP/NTP | 123 | Outbound | Hardware appliance | *.amazon.pool.ntp.org | Time synchronization |
| HTTPS | 443 | Outbound | Hardware appliance | *.amazonaws.com | Data transfer |
| HTTP | 8080 | Inbound | AWS | Hardware appliance | Activation (only briefly) |

To perform as designed, a hardware appliance requires network and firewall settings as follows:
• Configure all connected network interfaces in the hardware console.
• Make sure that each network interface is on a unique subnet.
• Provide all connected network interfaces with outbound access to the endpoints listed in the diagram preceding.
• Configure at least one network interface to support the hardware appliance. For more information, see Configure Network Parameters (p. 27).
Note
To see an illustration showing the back of the server with its ports, see Rack-Mount Your Hardware Appliance and Connect It to Power (p. 25).
All IP addresses on the same network interface (NIC), whether for a gateway or a host, must be on the same subnet. The following illustration shows the addressing scheme.
For more information on activating and configuring a hardware appliance, see Using the AWS Storage Gateway Hardware Appliance (p. 24).
Allowing AWS Storage Gateway Access Through Firewalls and Routers
Your gateway requires access to the following endpoints to communicate with AWS. If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to AWS.
The following service endpoints are required by all gateways for control path (anon-cp, client-cp, proxy-app) and data path (dp-1) operations.
anon-cp.storagegateway.region.amazonaws.com.cn:443
client-cp.storagegateway.region.amazonaws.com.cn:443
proxy-app.storagegateway.region.amazonaws.com.cn:443
dp-1.storagegateway.region.amazonaws.com.cn:443
The following service endpoint is required to make API calls.
storagegateway.region.amazonaws.com.cn:443
The Amazon S3 service endpoint, shown following, is used by file gateways only. A file gateway requires this endpoint to access the S3 bucket that a file share maps to.
region.s3.amazonaws.com.cn
If your gateway can't determine the AWS Region where your S3 bucket is located, this endpoint defaults to us-east-1.s3.amazonaws.com. We recommend that you whitelist the us-east-1 region in addition to AWS Regions where your gateway is activated, and where your S3 bucket is located.
The Amazon CloudFront endpoint following is required for Storage Gateway to get the list of available AWS Regions.
https://d4kdq0yaxexbo.cloudfront.net/
A Storage Gateway VM is configured to use the following NTP servers.
0.amazon.pool.ntp.org
1.amazon.pool.ntp.org
2.amazon.pool.ntp.org
3.amazon.pool.ntp.org
Depending on your gateway's AWS Region, replace region in the endpoint with the corresponding region string. For example, if you create a gateway in the US West (Oregon) region, the endpoint looks like this: storagegateway.us-west-2.amazonaws.com:443.
• Storage Gateway—For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
• AWS Storage Gateway Hardware Appliance—For supported AWS Regions you can use with the hardware appliance, see AWS Storage Gateway Hardware Appliance Regions in the AWS General Reference.
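The following added example (not code from the guide or from AWS) expands the endpoint list above for a given Region and reports which required endpoints an egress allow-list fails to cover. The rule format `(host_pattern, protocol, port)`, the function names, the sample rules, and the use of TCP 443 for the S3 endpoints are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Values taken from this section of the guide.
CONTROL_AND_DATA_PREFIXES = ("anon-cp", "client-cp", "proxy-app", "dp-1")
REGION_LIST_HOST = "d4kdq0yaxexbo.cloudfront.net"
S3_FALLBACK_HOST = "us-east-1.s3.amazonaws.com"
NTP_SERVERS = tuple(f"{n}.amazon.pool.ntp.org" for n in range(4))


def required_endpoints(gateway_region, dns_suffix, bucket_region=None):
    """List the (host, protocol, port) tuples a gateway must reach.

    dns_suffix is "amazonaws.com" or "amazonaws.com.cn", matching the
    endpoint forms shown above. Pass bucket_region only for a file gateway.
    """
    sg = f"storagegateway.{gateway_region}.{dns_suffix}"
    endpoints = [(f"{p}.{sg}", "tcp", 443) for p in CONTROL_AND_DATA_PREFIXES]
    endpoints.append((sg, "tcp", 443))                # API calls
    endpoints.append((REGION_LIST_HOST, "tcp", 443))  # list of AWS Regions
    endpoints += [(host, "udp", 123) for host in NTP_SERVERS]
    if bucket_region is not None:
        # Assumption: S3 is reached over HTTPS (the guide gives no port here).
        for region in (gateway_region, bucket_region):
            endpoints.append((f"{region}.s3.{dns_suffix}", "tcp", 443))
        endpoints.append((S3_FALLBACK_HOST, "tcp", 443))
    return list(dict.fromkeys(endpoints))  # drop duplicates, keep order


def missing_endpoints(allow_rules, endpoints):
    """Return the required endpoints that no allow rule covers.

    allow_rules uses a hypothetical export format:
    (host_pattern, protocol, port), where host_pattern may contain "*".
    """
    missing = []
    for host, proto, port in endpoints:
        covered = any(
            proto == rule_proto
            and port == rule_port
            and fnmatchcase(host.lower(), pattern.lower())
            for pattern, rule_proto, rule_port in allow_rules
        )
        if not covered:
            missing.append((host, proto, port))
    return missing


# Constructed allow-list for a file gateway in us-west-2 with a bucket in
# eu-west-1. The wildcard rule does not match the bare API endpoint, and the
# CloudFront host is absent, so both are reported.
SAMPLE_ALLOW_RULES = [
    ("*.storagegateway.us-west-2.amazonaws.com", "tcp", 443),
    ("*.s3.amazonaws.com", "tcp", 443),
    ("*.amazon.pool.ntp.org", "udp", 123),
]

if __name__ == "__main__":
    needed = required_endpoints("us-west-2", "amazonaws.com", bucket_region="eu-west-1")
    for host, proto, port in missing_endpoints(SAMPLE_ALLOW_RULES, needed):
        print(f"not allowed: {host} {proto}/{port}")
```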
Configuring Security Groups for Your Amazon EC2 Gateway Instance
A security group controls traffic to your Amazon EC2 gateway instance. When you create an instance from the Amazon Machine Image (AMI) for AWS Storage Gateway from AWS Marketplace, you have two choices for launching the instance. To launch the instance by using the 1-Click Launch feature of AWS Marketplace, follow the steps in Deploying a Volume or Tape Gateway on an Amazon EC2 Host (p. 349). We recommend that you use this 1-Click Launch feature.
You can also launch an instance by using the Manual Launch feature in AWS Marketplace. In this case, an autogenerated security group that is named AWS Storage Gateway-1-0-AutogenByAWSMP- is created. This security group has the correct rule for port 80 to activate your gateway. For more information about security groups, see Security Group Concepts in the Amazon EC2 User Guide for Linux Instances.
Regardless of the security group that you use, we recommend the following:
• The security group should not allow incoming connections from the outside internet. It should allow only instances within the gateway security group to communicate with the gateway. If you need to allow instances to connect to the gateway from outside its security group, we recommend that you allow connections only on ports 3260 (for iSCSI connections) and 80 (for activation).
• If you want to activate your gateway from an EC2 host outside the gateway security group, allow incoming connections on port 80 from the IP address of that host. If you cannot determine the activating host's IP address, you can open port 80, activate your gateway, and then close access on port 80 after completing activation.
• Allow port 22 access only if you are using AWS Support for troubleshooting purposes. For more information, see You Want AWS Support to Help Troubleshoot Your EC2 Gateway (p. 325).
In some cases, you might use an Amazon EC2 instance as an initiator (that is, to connect to iSCSI targets on a gateway that you deployed on Amazon EC2). In such a case, we recommend a two-step approach:
1. You should launch the initiator instance in the same security group as your gateway.
2. You should configure access so the initiator can communicate with your gateway.
For information about the ports to open for your gateway, see Port Requirements (p. 386).
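The security group recommendations above can be checked mechanically. The following added example (not code from the guide or from AWS) audits one security group, given as a dict in the shape the EC2 DescribeSecurityGroups API returns for a group; the finding codes, the function names, and the sample group with its IDs and addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

EXTERNAL_OK_TCP_PORTS = {80, 3260}  # activation and iSCSI, per the list above
SUPPORT_TCP_PORT = 22               # only while AWS Support is troubleshooting


class Finding(NamedTuple):
    code: str
    protocol: str
    ports: str
    source: str


def is_internet(cidr):
    """True for 0.0.0.0/0 and ::/0, however they are written."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_gateway_security_group(group):
    """Return findings for inbound rules that go beyond the recommendations."""
    own_id = group["GroupId"]
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "udp", "-1"):
            continue  # ICMP and others are outside what the recommendations cover
        if proto == "-1":  # "-1" means all protocols and all ports
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        ports = str(lo) if lo == hi else f"{lo}-{hi}"
        single_tcp = proto == "tcp" and lo == hi

        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # Rules that reference the gateway's own group are the recommended case.
        other_groups = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])
                        if p["GroupId"] != own_id]
        sources = [(c, is_internet(c)) for c in cidrs]
        sources += [(g, False) for g in other_groups]

        for source, internet in sources:
            if internet and single_tcp and lo == 80:
                code = "ACTIVATION_PORT_OPEN_TO_INTERNET"  # close after activation
            elif internet:
                code = "OPEN_TO_INTERNET"
            elif single_tcp and lo == SUPPORT_TCP_PORT:
                code = "SUPPORT_PORT_OPEN"
            elif single_tcp and lo in EXTERNAL_OK_TCP_PORTS:
                continue  # outside source limited to port 80 or 3260
            else:
                code = "EXTERNAL_SOURCE_UNEXPECTED_PORT"
            findings.append(Finding(code, proto, ports, source))
    return findings


# Constructed sample; group IDs and addresses are placeholders.
SAMPLE_GROUP = {
    "GroupId": "sg-0aaa1111bbbb2222c",
    "IpPermissions": [
        {"IpProtocol": "-1",
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111bbbb2222c"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3260, "ToPort": 3260,
         "IpRanges": [{"CidrIp": "10.0.5.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "UserIdGroupPairs": [{"GroupId": "sg-0ddd3333eeee4444f"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_gateway_security_group(SAMPLE_GROUP):
        print(finding)
```

With boto3, the input dict would be one element of `describe_security_groups()["SecurityGroups"]`.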
Supported Hypervisors and Host Requirements
You can run AWS Storage Gateway on-premises as either a virtual machine (VM) appliance, or a physical hardware appliance, or in AWS as an Amazon Elastic Compute Cloud (Amazon EC2) instance.
AWS Storage Gateway supports the following hypervisor versions and hosts:
• VMware ESXi Hypervisor (version 4.1, 5.0, 5.1, 5.5, 6.0 or 6.5)—A free version of VMware is available on the VMware website. For this setup, you also need a VMware vSphere client to connect to the host.
• Microsoft Hyper-V Hypervisor (version 2008 R2, 2012, or 2012 R2)—A free, standalone version of Hyper-V is available at the Microsoft Download Center. For this setup, you need a Microsoft Hyper-V Manager on a Microsoft Windows client computer to connect to the host.
• EC2 instance—AWS Storage Gateway provides an Amazon Machine Image (AMI) that contains the gateway VM image. Only file, cached volume, and tape gateway types can be deployed on Amazon EC2. For information about how to deploy a gateway on Amazon EC2, see Deploying a Volume or Tape Gateway on an Amazon EC2 Host (p. 349).
• Storage Gateway Hardware Appliance—AWS Storage Gateway provides a physical hardware appliance as an on-premises deployment option for locations with limited virtual machine infrastructure.
Note
AWS Storage Gateway doesn’t support recovering a gateway from a VM that was created from a snapshot or clone of another gateway VM or from your Amazon EC2 AMI. If your gateway VM malfunctions, activate a new gateway and recover your data to that gateway. For more information, see Recovering from an Unexpected Virtual Machine Shutdown (p. 338). AWS Storage Gateway doesn’t support dynamic memory and virtual memory ballooning.
Supported NFS Clients for a File Gateway
File gateways support the following Network File System (NFS) clients:
• Amazon Linux
• Mac OS X
• RHEL 7
• SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Server 12
• Ubuntu 14.04
• Microsoft Windows 10 Enterprise, Windows Server 2012, and Windows Server 2016. Native clients only support NFS version 3.
• Windows 7 Enterprise and Windows Server 2008. Native clients only support NFS v3. The maximum supported NFS I/O size is 32 KB, so you might experience degraded performance on these versions of Windows.
Note
You can now use SMB file shares when access is required through Windows (SMB) clients instead of using Windows NFS clients.

Supported SMB Clients for a File Gateway

File gateways support the following Server Message Block (SMB) clients:
• Microsoft Windows Server 2003 and later
• Windows desktop versions: 10, 8, and 7.
• Windows Terminal Server running on Windows Server 2003 and later

Supported File System Operations for a File Gateway

Your NFS or SMB client can write, read, delete, and truncate files. When clients send writes to AWS Storage Gateway, it writes to local cache synchronously. Then it writes to Amazon S3 asynchronously through optimized transfers. Reads are first served through the local cache. If data is not available, it's fetched through Amazon S3 as a read-through cache.
Writes and reads are optimized in that only the parts that are changed or requested are transferred through your gateway. Deletes remove objects from S3. Directories are managed as folder objects in S3, using the same syntax as in the Amazon S3 Management Console.
HTTP operations such as GET, PUT, UPDATE, and DELETE can modify files in a file share. These operations conform to the atomic create, read, update, and delete (CRUD) functions.
Supported iSCSI Initiators
When you deploy a cached volume or stored volume gateway, you can create iSCSI storage volumes on your gateway. When you deploy a tape gateway, the gateway is preconfigured with one media changer and 10 tape drives. These tape drives and the media changer are available to your existing client backup applications as iSCSI devices.
To connect to these iSCSI devices, AWS Storage Gateway supports the following iSCSI initiators:
• Windows Server 2012 and Windows Server 2012 R2
• Windows Server 2008 and Windows Server 2008 R2
• Windows 7
• Red Hat Enterprise Linux 5
• Red Hat Enterprise Linux 6
• Red Hat Enterprise Linux 7
• VMware ESX Initiator, which provides an alternative to using initiators in the guest operating systems of your VMs
Important
Storage Gateway doesn't support Microsoft Multipath I/O (MPIO) from Windows clients. Storage Gateway supports connecting multiple hosts to the same volume if the hosts coordinate access by using Windows Server Failover Clustering (WSFC). However, you can't connect multiple hosts to that same volume (for example, sharing a nonclustered NTFS/ext4 file system) without using WSFC.

Supported Third-Party Backup Applications for a Tape Gateway

You use a backup application to read, write, and manage tapes with a tape gateway. The following third-party backup applications are supported to work with tape gateways.
The type of medium changer you choose depends on the backup application you plan to use. The following table lists third-party backup applications that have been tested and found to be compatible with tape gateways. This table includes the medium changer type recommended for each backup application.
| Backup Application | Medium Changer Type |
|---|---|
| Arcserve Backup | AWS-Gateway-VTL |
| Bacula Enterprise V10.x | AWS-Gateway-VTL or STK-L700 |
| Commvault V11 | STK-L700 |
| Dell EMC NetWorker V8.x or V9.x | AWS-Gateway-VTL |
| IBM Spectrum Protect v7.x | IBM-03584L32-0402 |
| Micro Focus (HPE) Data Protector 9.x | AWS-Gateway-VTL |
| Microsoft System Center 2012 R2 or 2016 Data Protection Manager | STK-L700 |
| NovaStor DataCenter/Network 6.4 or 7.1 | STK-L700 |
| Quest NetVault Backup 10.0 or 11.x or 12.x | STK-L700 |
| Veeam Backup & Replication V7 or V8 | STK-L700 |
| Veeam Backup & Replication V9 Update 2 or later | AWS-Gateway-VTL |
| Veritas Backup Exec 2014 or 15 or 16 or 20.x | AWS-Gateway-VTL |
| Veritas Backup Exec 2012 | STK-L700 |
| Veritas NetBackup Version 7.x or 8.x | AWS-Gateway-VTL |

Note
Veritas has ended support for Backup Exec 2012. For more information, see End of Support for Prior Backup Exec Versions.
Important
We highly recommend that you choose the medium changer that's listed for your backup application. Other medium changers might not function properly. You can choose a different medium changer after the gateway is activated. For more information, see Selecting a Medium Changer After Gateway Activation (p. 358).
Accessing AWS Storage Gateway
You can use the AWS Storage Gateway Management Console to perform various gateway configuration and management tasks. The Getting Started section and various other sections of this guide use the console to illustrate gateway functionality.
Additionally, you can use the AWS Storage Gateway API to programmatically configure and manage your gateways. For more information about the API, see API Reference for AWS Storage Gateway (p. 399).
You can also use the AWS SDKs to develop applications that interact with AWS Storage Gateway. The AWS SDKs for Java, .NET, and PHP wrap the underlying AWS Storage Gateway API to simplify your programming tasks. For information about downloading the SDK libraries, see Sample Code Libraries.

Using the AWS Storage Gateway Hardware Appliance

The AWS Storage Gateway Hardware Appliance is a physical hardware appliance with AWS Storage Gateway software preinstalled on a third-party server. You can manage your AWS Storage Gateway Hardware Appliance from the Hardware page on the AWS Management Console.
When you create a new gateway in the AWS Storage Gateway console, you have the option to run the gateway appliance on virtual platforms. AWS Storage Gateway supports VMware ESXi, Microsoft Hyper-V, and Amazon EC2 as hosts. Now you can also use the AWS Storage Gateway Hardware Appliance as a host in Europe in addition to the United States. If you don't already own a hardware appliance and you choose to use one, go to the Amazon US, Amazon UK, or Amazon Germany website and purchase one. You can also purchase one from the AWS Storage Gateway console. From the Hardware page, you choose Buy Hardware Appliance and you will be directed to the appropriate Amazon website where you can purchase the appliance.
The hardware appliance is a high-performance 1U server that you can deploy in your data center, or on-premises inside your corporate firewall. When you purchase and activate your hardware appliance, the activation process associates your hardware appliance with your AWS account. After activation, your hardware appliance appears in the console as a gateway on the Hardware page. You can configure your hardware appliance as a file gateway, tape gateway, or volume gateway type. The procedure that you use to deploy and activate these gateway types on a hardware appliance is the same as on a virtual platform.
In the sections that follow, you can find instructions about how to purchase, deploy, activate, and use an AWS Storage Gateway Hardware Appliance.
Topics
Supported AWS Regions (p. 24)
Setting Up Your Hardware Appliance (p. 25)
Rack-Mount Your Hardware Appliance and Connect It to Power (p. 25)
Configure Network Parameters (p. 27)
Activate Your Hardware Appliance (p. 29)
Launching a Gateway (p. 32)
Configuring an IP Address for the Gateway (p. 33)
Configuring Your Gateway (p. 34)
Removing a Gateway From the Hardware Appliance (p. 34)
Deleting Your Hardware Appliance (p. 34)
Supported AWS Regions
AWS Storage Gateway Hardware Appliance is only available in the US and Europe. You can connect your appliance to one of the AWS Region endpoints in the US or Europe. For information about supported AWS Regions, see AWS Storage Gateway Hardware Appliance Regions in the AWS General Reference.
Setting Up Your Hardware Appliance
After you receive your AWS Storage Gateway Hardware Appliance, you use the hardware appliance console to configure networking to provide an always-on connection to AWS and activate your appliance. Activation associates your appliance with the AWS account that is used during the activation process. After the appliance is activated, you can launch a file, volume, or tape gateway in the AWS Storage Gateway console.
To install and configure your hardware appliance
1. Rack-mount the appliance, and plug in power and network connections. For more information, see Rack-Mount Your Hardware Appliance and Connect It to Power (p. 25).
2. Set the Internet Protocol version 4 (IPv4) addresses for both the hardware appliance (the host) and Storage Gateway (the service). For more information, see Configure Network Parameters (p. 27).
3. Activate the hardware appliance on the console Hardware page in the AWS Region of your choice. For more information, see Activate Your Hardware Appliance (p. 29).
4. Install the Storage Gateway on your hardware appliance. For more information, see Configuring Your Gateway (p. 34).
You set up gateways on your hardware appliance the same way that you set up gateways on a VMware ESXi or Microsoft Hyper-V hypervisor or an Amazon EC2 instance.
Increasing the usable cache storage
You can increase the usable storage on the hardware appliance from 5 TB to 12 TB. This provides a larger cache for low latency access to data in AWS. To increase the usable storage to 12 TB, you can buy five 1.92 TB SSDs (solid state drives), which are available on the Amazon website, and add them to the hardware appliance before you activate it. If you have already activated the hardware appliance and want to increase the usable storage on the appliance to 12 TB, do the following:
1. First, reset the hardware appliance to its factory settings. Contact AWS support for instructions on how to do this.
2. Add five 1.92 TB SSDs to the appliance.
For instructions on how to do this, see Drives in the Dell EMC PowerEdge R640 Installation and Service Manual.
Using a fiber optic network card instead of copper network card
The hardware appliance comes with a 10 gigabit copper network card, but you can replace it with a 10 gigabit fiber optic network card that AWS Storage Gateway Hardware Appliance supports. The specific fiber optic network card that the hardware appliance supports is the Dell Intel X710 Quad Port 10GB Da/SFP+ Network Daughter Card. You can buy it from the hardware appliance product page on the Amazon website. For instructions on how to install the card, see Network daughter card in the Dell EMC PowerEdge R640 Installation and Service Manual.

Rack-Mount Your Hardware Appliance and Connect It to Power

After you unbox your AWS Storage Gateway Hardware Appliance, follow the instructions contained in the box to rack-mount the server. Your appliance has a 1U form factor and fits into a 19-inch rack to the International Electrotechnical Commission (IEC) industry standard, as described on the 19-inch rack Wikipedia page.
To install your hardware appliance, you need the following components:
• Power cables: one required, two recommended.
• Category 6 (Cat6) Ethernet cable. A Category 5 (Cat5) Ethernet cable limits your throughput.
• Keyboard and monitor, or a keyboard, video, and mouse (KVM) switch solution.
To connect the hardware appliance to power
Note
Before you perform the following procedure, make sure that you meet all of the requirements for the AWS Storage Gateway Hardware Appliance as described in Networking and Firewall Requirements for the AWS Storage Gateway Hardware Appliance (p. 17).
1. Plug in a power connection to each of the two power supplies. It's possible to plug in to only one power connection, but we recommend power connections to both power supplies.
In the following image, you can see the hardware appliance with the different connections.
2. Plug an Ethernet cable into the em1 port to provide an always-on internet connection. The em1 port is the first of the four physical network ports on the rear, from left to right.
Note
The hardware appliance doesn't support VLAN trunking. Set up the switch port to which you are connecting the hardware appliance as a non-trunked VLAN port.
3. Plug in the keyboard and monitor.
4. Power on the server by pressing the Power button on the front panel, as shown in the following image.
After the server boots up, the hardware console appears on the monitor. The hardware console presents a user interface specific to AWS that you can use to configure initial network parameters. You configure these parameters to connect the appliance to AWS and open up a support channel for troubleshooting by AWS Support.
To work with the hardware console, enter text from the keyboard and use the Up, Down, Right, and Left Arrow keys to move about the screen in the indicated direction. Use the Tab key to move sequentially forward through items on-screen. On some setups, you can use the Shift+Tab keystroke to move sequentially backward. Use the Enter key to save selections, or to choose a button on the screen.
To set a password for the first time
1. For Set Password, enter a password, and then press Down arrow.
2. For Confirm, re-enter your password, and then choose Save Password.
At this point, you are in the hardware console, shown following.
Next Step
Configure Network Parameters (p. 27)
Configure Network Parameters
After the server boots up, you can enter your first password in the hardware console as described in Rack-Mount Your Hardware Appliance and Connect It to Power (p. 25).
Next, on the hardware console take the following steps to configure network parameters so your hardware appliance can connect to AWS.
To set a network address
1. Choose Configure Network and press the Enter key. The Configure Network screen shown following appears.
2. For IP Address, enter a valid IPv4 address from one of the following sources:
• Use the IPv4 address assigned by your Dynamic Host Configuration Protocol (DHCP) server to your physical network port.
If you do so, note this IPv4 address for later use in the activation step.
• Assign a static IPv4 address. To do so, choose Static in the em1 section and press Enter to view the Configure Static IP screen shown following.
The em1 section is at the upper left in the group of port settings.
After you have entered a valid IPv4 address, press the Down arrow or Tab.
Note
If you configure any other interface, it must provide the same always-on connection to the AWS endpoints listed in the requirements.
3. For Subnet, enter a valid subnet mask, and then press Down arrow.
4. For Gateway, enter your network gateway’s IPv4 address, and then press Down arrow.
5. For DNS1, enter the IPv4 address for your Domain Name Service (DNS) server, and then press Down arrow.
6. (Optional) For DNS2, enter a second IPv4 address, and then press Down arrow. A second DNS server assignment would provide additional redundancy should the first DNS server become unavailable.
7. Choose Save and then press Enter to save your static IPv4 address setting for the appliance.
To log out of the hardware console
1. Choose Back to return to the Main screen.
2. Choose Logout to return to the Login screen.
Next Step
Activate Your Hardware Appliance (p. 29)
Activate Your Hardware Appliance
After configuring your IP address, you enter this IP address in the console on the Hardware page, as described following. The activation process validates that your hardware appliance has the appropriate security credentials and registers the appliance to your AWS account.
AWS Storage Gateway Hardware Appliance is only available in the US and Europe. You can choose to activate your hardware appliance in any of the supported AWS Regions. For the supported AWS Regions, see AWS Storage Gateway Hardware Appliance Regions in the AWS General Reference.
To activate your appliance for the first time or in an AWS Region where you have no gateways deployed
1. Sign in to the AWS Management Console and open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home with the account credentials to use to activate your hardware.
If this is your first gateway in an AWS Region, you see the splash screen shown following. After you create a gateway in this AWS Region, this screen no longer displays.
Note
For activation only, the following must be true:
• Your browser must be on the same network as your hardware appliance.
• Your firewall must allow HTTP access on port 8080 to the appliance for inbound traffic.
2. Choose Get started to view the Create gateway wizard, and then choose Hardware Appliance on the Select host platform page, as shown following.
3. Choose Next to view the Connect to hardware screen shown following.
4. For IP Address, enter the IPv4 address of your appliance, and then choose Connect to Hardware to go to the Activate Hardware screen shown following.
5. For Hardware name, enter a name for your appliance. Names can be up to 255 characters long and can't include a slash character.
6. (Optional) For Hardware time zone, enter your local settings.
The time zone controls when hardware updates take place, with 2 a.m. local time used as the time for updates.
Note
We recommend setting the time zone for your appliance as this determines a standard update time that is out of the usual working day window.
7. (Optional) Keep the RAID Volume Manager set to ZFS.
ZFS RAID is a software-based, open-source file system and logical volume manager. We recommend using ZFS for most hardware appliance use cases because it offers superior performance and integration compared with MD RAID. The hardware appliance is specifically tuned for ZFS RAID. For more information on ZFS RAID, see the ZFS Wikipedia page.
If you don't want to accept CDDL license terms, as documented in CDDL 1.0 on the Opensource.org site, we also offer MD RAID. For more information on MD RAID, see the mdadm Wikipedia page. To change the volume manager on your hardware appliance, contact AWS Support. AWS Support can provide an International Organization for Standardization (ISO) standard image, instructions on performing a factory reset of a hardware appliance, and instructions on installing the new ISO image.
8. Choose Next to finish activation.
A console banner appears on the Hardware page indicating that the hardware appliance has been successfully activated, as shown following.
At this point, the appliance is associated with your account. The next step is to launch a file, tape, or cached volume gateway on your appliance.
Next Step
Launching a Gateway (p. 32)
Launching a Gateway
You can launch any of the three storage gateways on the appliance—file gateway, volume gateway (cached), or tape gateway.
To launch a gateway on your hardware appliance
1. Sign in to the AWS Management Console and open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. Choose Hardware.
3. For Actions, choose Launch Gateway.
4. For Gateway Type, choose File Gateway, Tape Gateway, or Volume Gateway (Cached).
5. For Gateway name, enter a name for your gateway. Names can be 255 characters long and can't include a slash character.
6. Choose Launch gateway.
The Storage Gateway software for your chosen gateway type installs on the appliance. It can take up to 5–10 minutes for a gateway to show up as online in the console.
To assign a static IP address to your installed gateway, you next configure the gateway's network interfaces so your applications can use it.
Next Step
Configuring an IP Address for the Gateway (p. 33)
Configuring an IP Address for the Gateway
To assign a static IP address to a gateway installed on your hardware appliance, configure the IP address from the local console of that gateway. Your applications (such as your NFS or SMB client, your iSCSI initiator, and so on) connect to this IP address. You can access the gateway local console from the hardware appliance console.
To configure an IP address on your appliance to work with applications
1. On the hardware console, choose Open Service Console to open a login screen for the gateway local console.
2. Enter the localhost login password, and then press Enter.
For File Gateway the default account is admin and the default password is password. For Tape Gateway and Volume Gateway the default account is sguser and the default password is sgpassword.
3. Change the default password. Choose Actions then Set Local Password and enter your new credentials in the Set Local Password dialog box.
4. (Optional) Configure your proxy settings. See the section called “Setting the Local Console Password from the Storage Gateway Console” (p. 253) for instructions.
5. Navigate to the Network Settings page of the gateway local console as shown following.
6. Type 2 to go to the Network Configuration page shown following.
7. Configure a static or DHCP IP address for the network port on your hardware appliance to present a file, volume, and tape gateway for applications. This IP address must be on the same subnet as the IP address used during hardware appliance activation.
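The static values entered on the Configure Static IP screen (IP Address, Subnet, Gateway, DNS1, DNS2) and the same-subnet rule in step 7 can be checked before they are typed into the console. The following Python check is an added example, not part of the AWS guide; the function names and the sample addresses are hypothetical.

```python
import ipaddress


def check_static_config(ip, mask, gateway, dns=()):
    """Return a list of problems with the static IPv4 values; empty means consistent."""
    try:
        # Accepts a dotted subnet mask such as 255.255.255.0 after the slash.
        iface = ipaddress.IPv4Interface("%s/%s" % (ip, mask))
    except ValueError as exc:  # bad address or a mask that mixes ones and zeroes
        return ["IP address or subnet mask is not valid: %s" % exc]

    problems = []
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append("%s is the network or broadcast address of %s" % (iface.ip, net))

    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError:
        problems.append("gateway %r is not an IPv4 address" % gateway)
    else:
        if gw not in net:
            problems.append("gateway %s is outside subnet %s" % (gw, net))
        elif gw == iface.ip:
            problems.append("gateway is the same address as the appliance")

    for label, server in zip(("DNS1", "DNS2"), dns):
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            problems.append("%s %r is not an IPv4 address" % (label, server))
    return problems


def same_subnet(activation_ip, mask, gateway_ip):
    """True when the gateway's address shares the subnet used for appliance activation."""
    first = ipaddress.IPv4Interface("%s/%s" % (activation_ip, mask)).network
    second = ipaddress.IPv4Interface("%s/%s" % (gateway_ip, mask)).network
    return first == second


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    print(check_static_config("10.0.5.20", "255.255.255.0", "10.0.5.1", ["10.0.0.2"]))
    print(check_static_config("10.0.5.20", "255.255.255.0", "10.0.6.1"))
    print(same_subnet("10.0.5.20", "255.255.255.0", "10.0.5.30"))
```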
To exit the gateway local console
Press the Ctrl+] (close bracket) keystroke. The hardware console appears.
Note
The keystroke preceding is the only way to exit the gateway local console.
Next Step
Configuring Your Gateway (p. 34)
Configuring Your Gateway
After your hardware appliance has been activated and configured, your appliance appears in the console. Now you can create the type of gateway that you want. Continue the installation for your gateway type at one of the following Configuring Local Disks sections:
• For file gateway, see: Configuring Local Disks (p. 41).
• For tape gateway, see: Configuring Local Disks (p. 81).
• For volume gateway, see: Configuring Local Disks (p. 62).

Removing a Gateway From the Hardware Appliance

To remove gateway software from your hardware appliance, use the following procedure. After you do so, the gateway software is uninstalled from your hardware appliance.
To remove a gateway from a hardware appliance
1. Choose the check box for the gateway.
2. For Actions, choose Remove Gateway.
3. In the Remove gateway from hardware appliance dialog box, choose Confirm.
Note
When you delete a gateway, you can't undo the action. For certain gateway types, you can lose data on deletion, particularly cached data. For more information on deleting a gateway, see Deleting Your Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 281).
Deleting a gateway doesn't delete the hardware appliance from the console. The hardware appliance remains for future gateway deployments.

Deleting Your Hardware Appliance

After you activate your Hardware Appliance in your AWS account, you might have a need to move and activate it in a different AWS account. In this case, you first delete the appliance from the AWS account and activate it in another AWS account. You might also want to delete the appliance completely from your AWS account because you no longer need it. Follow these instructions to delete your hardware appliance.
To delete your hardware appliance
1. If you have installed a gateway on the hardware appliance, you must first remove the gateway before you can delete the appliance. For instructions on how to remove a gateway from your Hardware Appliance, see Removing a Gateway From the Hardware Appliance (p. 34).
2. On the Hardware page, choose the hardware appliance you want to delete.
3. Choose Actions, and then choose Delete Appliance.
4. In the Confirm deletion of resource(s) dialog box, choose the confirmation check box and choose Delete. A message indicating successful deletion is displayed.
When you delete the hardware appliance, all the resources associated with the gateway that is installed on the appliance are also deleted, but the data on the hardware appliance itself is not deleted.

Creating Your Gateway

To create your gateway, open the AWS Storage Gateway Management Console and choose the AWS Region that you want to create your gateway in. If you haven't created a gateway in this AWS Region, the Storage Gateway service homepage is displayed.
Choose Get started to open the Create gateway page. On this page, you choose a gateway type. If you have a gateway in the current AWS Region, the console shows your gateway.
Topics
Creating a File Gateway (p. 36)
Creating a Volume Gateway (p. 56)
Creating a Tape Gateway (p. 75)
Activating a Gateway in a Virtual Private Cloud (p. 133)
Creating a File Gateway
In this section, you can find instructions about how to create and use a file gateway.
Topics
Creating a Gateway (p. 36)
Creating a File Share (p. 42)
Using Your File Share (p. 51)

Creating a Gateway

In this section, you can find instructions about how to download, deploy, and activate your file gateway.
Topics
Choosing a Gateway Type (p. 37)
Choosing a Host Platform and Downloading the VM (p. 37)
Choosing a Service Endpoint (p. 39)
Connecting to Your Gateway (p. 39)
Activating Your Gateway (p. 40)
Configuring Local Disks (p. 41)
Choosing a Gateway Type
With a file gateway, you store and retrieve objects in Amazon S3 with a local cache for low latency access to your most recently used data.
To choose a gateway type
1. Open the AWS Management Console at http://console.www.amazonaws.cn/storagegateway/home, and choose the AWS Region that you want to create your gateway in.
If you have previously created a gateway in this AWS Region, the console shows your gateway. Otherwise, the service homepage appears.
2. If you haven't created a gateway in the AWS Region that you chose, choose Get started. If you already have a gateway in the AWS Region that you chose, choose Gateways from the navigation pane, and then choose Create gateway.
3. On the Select gateway type page, choose File gateway, and then choose Next.
Choosing a Host Platform and Downloading the VM
If you create your gateway on-premises, you deploy the hardware appliance, or download and deploy a gateway VM, and then activate the gateway. If you create your gateway on an Amazon EC2 instance, you launch an Amazon Machine Image (AMI) that contains the gateway VM image and then activate the gateway. For information about supported host platforms, see Supported Hypervisors and Host Requirements (p. 20).
Note
You can run only file, cached volume, and tape gateways on an Amazon EC2 instance.
To select a host platform and download the VM
1. On the Select host platform page, choose the virtualization platform that you want to run your gateway on.
2. Choose Download image next to your virtualization platform to download a .zip file that contains the .ova file for your virtualization platform.
Note
The .zip file is over 500 MB in size and might take some time to download, depending on your network connection.
For EC2, you create an instance from the provided AMI.
3. Deploy the downloaded image to your hypervisor. You need to add at least one local disk for your cache and one local disk for your upload buffer during the deployment. A file gateway requires only one local disk for a cache. For information about local disk requirements, see Hardware and Storage Requirements (p. 11).
If you choose VMware, do the following:
• Store your disk in Thick provisioned format. When you use thick provisioning, the disk storage is allocated immediately, resulting in better performance. In contrast, thin provisioning allocates storage on demand. On-demand allocation can affect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick-provisioned format.
• Configure your gateway VM to use paravirtualized disk controllers. For more information, see Configuring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers (p. 346).
If you choose Microsoft Hyper-V, do the following:
• Configure the disk type as Fixed size. When you use fixed-size provisioning, the disk storage is allocated immediately, resulting in better performance. If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.
• When allocating disks, choose virtual hard disk (.vhd) file. Storage Gateway supports the .vhdx file type. By using this file type, you can create larger virtual disks than with other file types. If you create a .vhdx type virtual disk, make sure that the size of the virtual disks that you create doesn't exceed the recommended disk size for your gateway.
For both VMware and Microsoft Hyper-V, synchronizing the VM time with the host time is required for successful gateway activation. Make sure that your host clock is set to the correct time and synchronize it with a Network Time Protocol (NTP) server.
If you choose EC2, do the following:
Launch an Amazon Machine Image (AMI) that contains the gateway VM image, and then activate the gateway. For information about deploying your gateway to an Amazon EC2 host, see Deploying a Volume or Tape Gateway on an Amazon EC2 Host (p. 349).
If you choose the hardware appliance, see Activate Your Hardware Appliance (p. 29).
For information about deploying your gateway to an Amazon EC2 host, see Deploy Your Gateway to an Amazon EC2 Host (p. 351).
Choosing a Service Endpoint
You can activate your gateway using a public endpoint and have your gateway communicate with AWS storage services over the public Internet or activate it using a private VPC endpoint. If you use a VPC endpoint, all communication from your gateway to AWS services occurs through the VPC endpoint in your VPC in AWS.
To choose a service endpoint
1. For Endpoint type you have the following options:
• To make your gateway access AWS services over the public Internet, choose Public.
• To make your gateway access AWS services through the VPC endpoint in your VPC, choose VPC.
This walkthrough assumes that you are activating your gateway with a public endpoint. For information about how to activate a gateway using a VPC endpoint, see Activating a Gateway in a Virtual Private Cloud (p. 133).
2. Choose Next to connect your gateway and activate your gateway.
Connecting to Your Gateway
To connect to your gateway, the first step is to get the IP address of your gateway VM. You use this IP address to activate your gateway. For gateways deployed and activated on an on-premises host, you can get the IP address from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address from the Amazon EC2 console.
The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.
Make sure that you select the correct gateway type. The .ova files and AMIs for the gateway types are different and are not interchangeable.
To get the IP address for your gateway VM from the local console
1. Log on to your gateway VM local console. For detailed instructions, see the following:
• VMware ESXi—Accessing the Gateway Local Console with VMware ESXi (p. 273).
• Microsoft Hyper-V—Access the Gateway Local Console with Microsoft Hyper-V (p. 274).
2. Get the IP address from the top of the menu page, and make note of it for later use.
To get the IP address from an EC2 instance
1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
2. In the navigation pane, choose Instances, and then choose the EC2 instance.
3. Choose the Description tab at the bottom, and then note the IP address. You use this IP address to activate the gateway.
For activation, you can use the public or private IP address assigned to a gateway. You must be able to reach the IP address that you use from the browser from which you perform the activation. In this walkthrough, we use the public IP address to activate the gateway.
To associate your gateway with your AWS account
1. If the Connect to gateway page isn't already open, open the console and navigate to that page.
2. Type the IP address of your gateway for IP address, and then choose Connect gateway.
For detailed information about how to get a gateway IP address, see Connecting to Your Gateway (p. 391).
Activating Your Gateway
To activate your gateway
The gateway type, endpoint type, and AWS Region you selected are shown on the activation page.
1. To complete the activation process, provide information on the activation page to configure your gateway settings:
• Gateway Time Zone specifies the time zone to use for your gateway.
• Gateway Name identifies your gateway. You use this name to manage your gateway in the console; you can change it after the gateway is activated. This name must be unique to your account.
The following screenshot shows the activation page for a file gateway.
2. AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be same as the Region where your VPC Endpoint is located.
3. Choose Activate gateway.
4. If activation is not successful, see Troubleshooting Your Gateway (p. 316) for possible solutions.
Configuring Local Disks
When you deployed the VM, you allocated local disks for your gateway. Now you configure your gateway to use these disks.
To configure local disks
1. On the Configure local disks page, identify the disks you added and decide which ones you want to allocate for cached storage. For information about disk size limits, see Recommended Local Disk Sizes For Your Gateway (p. 397).
2. Choose Cache for the disk you want to configure as cache storage.
If you don't see your disks, choose Refresh.
3. Choose Save and continue to save your configuration settings.
Next Step
Creating a File Share (p. 42)
Creating a File Share
In this section, you can find instructions about how to create a file share. You can create a file share that can be accessed using either the Network File System (NFS) or Server Message Block (SMB) protocol.
When you create an NFS share, by default anyone who has access to the NFS server can access the NFS file share. You can limit access to clients by IP address.
For SMB, you can have one of three different modes of authentication:
• A file share with Microsoft Active Directory (AD) access. Any authenticated Microsoft AD user gets access to this file share type.
• An SMB file share with limited access. Only certain domain users and groups that you specify are allowed access (white listed). Users and groups can also be denied access (black listed).
• An SMB file share with guest access. Any users who can provide the guest password get access to this file share.
Note
File shares exported through the gateway for NFS file shares support POSIX permissions. For SMB file shares, you can use Access Control Lists (ACLs) to manage permissions on files and folders in your file share. For more information, see Using Microsoft Windows ACLs to Control Access to an SMB File Share (p. 307).
A file gateway can host one or more file shares of different types. You can have multiple NFS and SMB file shares on a file gateway.
Important
To create a file share, a file gateway requires you to activate AWS Security Token Service (AWS STS). Make sure that AWS STS is activated in the AWS Region that you are creating your file gateway in. If AWS STS is not activated in that AWS Region, activate it. For information about how to activate AWS STS, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.
Note
You can use AWS Key Management Service (AWS KMS) to encrypt objects that your file gateway stores in Amazon S3. Currently, you can do this by using the Storage Gateway API. For instructions, see the Storage Gateway API Reference. By default, a file gateway uses server-side encryption managed with Amazon S3 (SSE-S3) when it writes data to an Amazon S3 bucket. If you make SSE-KMS (server-side encryption with AWS KMS–managed keys) the default encryption for your S3 bucket, objects that a file gateway stores there are encrypted using SSE-S3. To encrypt using SSE-KMS with your own AWS KMS key, you must enable SSE-KMS encryption. When you do so, provide the Amazon Resource Name (ARN) of the KMS key when you create your file share. You can also update KMS settings for your file share by using the UpdateNFSFileShare or UpdateSMBFileShare API operation. This update applies to objects stored in the Amazon S3 buckets after the update.
Topics
Creating an NFS File Share (p. 43)
Creating an SMB File Share (p. 45)
Creating an NFS File Share
Use the following procedure to create an NFS file share.
To create an NFS file share
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. Choose Create file share.
3. For Amazon S3 bucket name, provide the name for the Amazon S3 bucket for your gateway to store your files in and retrieve your files to. This name must be compliant with Domain Name Service (DNS). This bucket must also exist already in S3; it isn't created for you by your file gateway. For information on DNS-compliant names for buckets, see Rules for Bucket Naming in the Amazon Simple Storage Service Developer Guide.
4. For Access objects using, choose Network File System (NFS).
5. For Gateway, choose your file gateway from the list and choose Next.
6. For Storage class for new objects, choose a storage class to use for new objects created in your Amazon S3 bucket:
• Choose S3 Standard to store your frequently accessed object data redundantly in multiple Availability Zones that are geographically separated.
• Choose S3 Standard-IA to store your infrequently accessed object data redundantly in multiple Availability Zones that are geographically separated.
• Choose S3 One Zone-IA to store your infrequently accessed object data in a single Availability Zone.
For more information, see Storage Classes in the Amazon Simple Storage Service Developer Guide.
7. For Object metadata, choose the metadata that you want to use:
• Choose Guess MIME type to enable guessing of the MIME type for uploaded objects based on file extensions.
• Choose Give bucket owner full control to give full control to the owner of the S3 bucket that maps to the NFS file share. For more information on using your file share to access objects in a bucket owned by another account, see Using a File Share for Cross-Account Access (p. 146).
• Choose Enable requester pays if you are using this file share on a bucket that requires the requester or reader instead of bucket owner to pay for access charges. For more information, see Requester Pays Buckets.
8. For Access to your bucket, choose the AWS Identity and Access Management (IAM) role that you want your gateway to use to access your Amazon S3 bucket. This role allows the gateway to access your S3 bucket. A file gateway can create a new IAM role and access policy on your behalf. Or, if you have an IAM role that you want to use, you can specify it in the IAM role box and set up the access policy manually. For more information, see Granting Access to an Amazon S3 Bucket (p. 144). For information about IAM roles, see IAM Roles in the IAM User Guide.
9. Choose Next to review configuration settings for your file share. You can change the allowed NFS clients for Allowed clients as needed.
To change Squash level and Export as under Mount options and to change File metadata defaults options, choose Edit by the option to change.
Note
For file shares mounted on a Microsoft Windows client, if you choose Read-only for Export as, you might see a message about an unexpected error keeping you from creating the folder. You can ignore this message.
The next step is to review configuration settings for your file share. Your file gateway applies default settings to your file share.
To change the configuration settings for your NFS file share:
1. Choose Edit for the settings that you want to change.
2. Configure Allowed clients to allow or restrict each client's access to your file share. For more information, see Editing Access Settings for Your NFS File Share (p. 150).
3. (Optional) Modify the mount options for your file share as needed.
4. (Optional) Modify the file metadata defaults as needed. For more information, see Editing Metadata Defaults for Your NFS File Share (p. 149).
5. Review your file share configuration settings, and then choose Create file share.
After your NFS file share is created, you can see your file share settings in the file share's Details tab.
Next Step
Mounting Your NFS File Share on Your Client (p. 51)
Creating an SMB File Share
Before you create an SMB file share, make sure that you configure security settings and SMB settings for your file gateway. You also configure either Microsoft Active Directory (AD) or guest access for authentication. A file share provides one type of SMB access only.
Note
An SMB file share doesn't operate correctly without the needed ports open in your security group. For more information, see Port Requirements (p. 386).
To create an SMB file share
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. Choose Gateways, and on the Gateway page, choose the box next to the file gateway that you want to join to a domain.
3. For Actions, choose Edit SMB settings.
At this point, configure settings for your file gateway:
• Configure security settings.
• Configure Active Directory settings.
• Configure guest access.
Find details on how to configure these settings following.
To configure security settings
1. In the SMB security settings section, choose Set security level.
2. For Security level, choose one of the following:
• Enforce encryption – if you choose this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data.
• Enforce signing – if you choose this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled.
• Client negotiated – if you choose this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment.
Note
For gateways activated before June 20, 2019, the default security level is Client negotiated. For gateways activated on June 20, 2019 and later, the default security level is Enforce encryption.
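The access and encryption choices described in this section (NFS allowed clients, SMB authentication mode, SMB security level, KMS encryption) can be reviewed after the shares exist. The following Python audit is an added example, not part of the AWS guide: it works on dictionaries shaped like the responses of the DescribeNFSFileShares, DescribeSMBFileShares and DescribeSMBSettings API operations, assumes the field names ClientList, KMSEncrypted, Authentication, ValidUserList and SMBSecurityStrategy from the Storage Gateway API Reference, and uses constructed ARNs, addresses, a constructed group name and severity labels chosen for illustration.

```python
import ipaddress

SEVERITY_ORDER = ["HIGH", "MEDIUM", "LOW", "INFO"]

# SMBSecurityStrategy API value -> console "Security level" label.
SMB_LEVEL_LABELS = {
    "MandatoryEncryption": "Enforce encryption",
    "MandatorySigning": "Enforce signing",
    "ClientSpecified": "Client negotiated",
}


def _finding(resource, severity, message):
    return {"resource": resource, "severity": severity, "message": message}


def _encryption_finding(share):
    """Report shares that rely on the default SSE-S3 instead of a KMS key."""
    if share.get("KMSEncrypted"):
        return []
    return [_finding(share["FileShareARN"], "INFO",
                     "no KMS key on the share; objects are written with SSE-S3")]


def audit_nfs_share(share):
    """Flag an NFS share whose allowed-clients list admits every address."""
    findings = []
    # An absent or empty list is treated here as the default, unrestricted setting.
    for entry in share.get("ClientList") or ["0.0.0.0/0"]:
        if ipaddress.ip_network(entry, strict=False).prefixlen == 0:
            findings.append(_finding(share["FileShareARN"], "HIGH",
                                     "allowed clients include %s: any host that can "
                                     "reach the NFS server can access the share" % entry))
    return findings + _encryption_finding(share)


def audit_smb_share(share):
    """Flag guest access and Active Directory shares with no user restriction."""
    findings = []
    arn = share["FileShareARN"]
    if share.get("Authentication", "ActiveDirectory") == "GuestAccess":
        findings.append(_finding(arn, "MEDIUM",
                                 "guest access: anyone with the guest password can connect"))
    elif not share.get("ValidUserList"):
        findings.append(_finding(arn, "LOW",
                                 "no allowed users or groups: any authenticated AD user "
                                 "can connect"))
    return findings + _encryption_finding(share)


def audit_smb_settings(settings):
    """Flag gateways whose SMB security level does not enforce encryption."""
    strategy = settings["SMBSecurityStrategy"]
    label = SMB_LEVEL_LABELS.get(strategy, strategy)
    if strategy == "MandatoryEncryption":
        return []
    severity = "LOW" if strategy == "MandatorySigning" else "MEDIUM"
    return [_finding(settings["GatewayARN"], severity,
                     "security level is '%s'; encryption is not enforced" % label)]


def audit(config):
    """Run all checks and return findings ordered from most to least severe."""
    findings = audit_smb_settings(config["smb_settings"])
    for share in config["nfs_shares"]:
        findings += audit_nfs_share(share)
    for share in config["smb_shares"]:
        findings += audit_smb_share(share)
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f["severity"]))


# Constructed sample input; none of these resources exist.
_PREFIX = "arn:aws:storagegateway:us-east-1:111122223333:"
SAMPLE = {
    "smb_settings": {"GatewayARN": _PREFIX + "gateway/sgw-EXAMPLE1",
                     "SMBSecurityStrategy": "ClientSpecified"},
    "nfs_shares": [
        {"FileShareARN": _PREFIX + "share/share-EXAMPLEA",
         "ClientList": ["0.0.0.0/0"], "KMSEncrypted": False},
        {"FileShareARN": _PREFIX + "share/share-EXAMPLEB",
         "ClientList": ["10.0.5.0/24", "10.0.6.17/32"], "KMSEncrypted": True},
    ],
    "smb_shares": [
        {"FileShareARN": _PREFIX + "share/share-EXAMPLEC",
         "Authentication": "GuestAccess", "KMSEncrypted": False},
        {"FileShareARN": _PREFIX + "share/share-EXAMPLED",
         "Authentication": "ActiveDirectory", "ValidUserList": ["@FinanceAdmins"],
         "KMSEncrypted": True},
    ],
}

if __name__ == "__main__":
    for item in audit(SAMPLE):
        print("%-6s %s: %s" % (item["severity"], item["resource"], item["message"]))
```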
To configure your SMB file share for Microsoft Active Directory access
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. Choose Gateways, and on the Gateway page, choose the box next to the file gateway that you want to join to a domain.
3. For Actions, choose Edit SMB settings.
4. For Microsoft Active Directory authentication, choose Join domain. You can join a domain by using its IP address or its organizational unit. An organizational unit is an Active Directory subdivision that can hold users, groups, computers, and other organizational units.
Note
If your gateway can't join an Active Directory directory, try joining with the directory's IP address by using the JoinDomain API operation.
5. For Domain name, enter your fully qualified domain name.
Note
You can use the AWS Directory Service to create a hosted Microsoft Active Directory domain service in the AWS Cloud.
6. For Domain user, enter your account name. Your account must be able to join a server to a domain.
7. For Domain password, enter your account password.
8. For Organizational unit, enter your organizational unit.
9. For Domain controllers, enter a comma-separated list of Internet Protocol version 4 (IPv4) addresses, NetBIOS names, or hostnames of your domain server.
To configure your SMB file share for guest access
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. Choose Gateways, and on the Gateway page, choose the box next to the file gateway that you want to use for your guest file share.
3. For Actions, choose Edit SMB settings.
4. Choose Set guest password to enable guest access for your SMB file share.
Note
If you provide only guest access, your file gateway doesn't have to be part of an AD domain. You can also use a file gateway that is a member of your Microsoft AD domain to create file shares with guest access.
5. For Guest password, enter a password that meets your organization's security requirements.
6. Choose Save to complete the authentication.
A message at the top of the Gateways section of your console should appear, saying that your gateway Successfully joined domain.
If the banner displays the message Invalid domain name/DNS name cannot be resolved, the correct endpoint wasn't found. You might also see the error Invalid users/Invalid password, an authentication failure that means that your logon was not recognized by the domain service.
The error message The gateway cannot connect to the specified domain can indicate that the user quota has been exhausted; in other words, there are no more users in the quota. The default limit allows each user to join up to 10 systems to a domain. This error can also appear if the user that tried to connect didn't have administrator privileges.
The error message The specified request timed out might indicate that there is a problem with your firewall rules not allowing access to the domain.
In the next procedure, you create an SMB file share with either Microsoft Active Directory or guest access. Make sure that you define the SMB file share settings for your file gateway before performing the following steps.
To create an SMB file share
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. On the navigation pane, choose Shares, choose the file gateway that you want to use, and then choose Create file share.
3. On the Configure file share settings page, for Amazon S3 bucket name, provide a name for an existing Amazon S3 bucket. You use this bucket for your gateway to store files in and retrieve
4. For Access Objects using, choose Server Message Block (SMB).
5. For Gateway, make sure that your gateway is chosen, and then choose Next.
The Configure how files are stored in Amazon S3 page appears, as shown following.
6. For Storage class for new objects, choose a storage class to use for new objects created in your Amazon S3 bucket:
• Choose S3 Standard to store your frequently accessed object data redundantly in multiple Availability Zones that are geographically separated.
• Choose S3 Standard-IA to store your infrequently accessed object data redundantly in multiple Availability Zones that are geographically separated.
• Choose S3 One Zone-IA to store your infrequently accessed object data in a single Availability Zone.
For more information, see Storage Classes in the Amazon Simple Storage Service Developer Guide.
7. For Object metadata, choose the metadata you want to use:
• Choose Guess MIME type to enable guessing of the MIME type for uploaded objects based on file extensions.
• Choose Give bucket owner full control to give full control to the owner of the S3 bucket that maps to the SMB file share. For more information on using your file share to access objects in a bucket owned by another account, see Using a File Share for Cross-Account Access (p. 146).
• Choose Enable requester pays if you are using this file share on a bucket that requires the requester or reader instead of bucket owner to pay for access charges. For more information, see Requester Pays Buckets.
8. For Access to your bucket, choose the AWS Identity and Access Management (IAM) role that you want your gateway to use to access your Amazon S3 bucket. This role allows the gateway to access your S3 bucket. A file gateway can create a new IAM role and access policy on your behalf. Or, if you have an IAM role you want to use, you can specify it in the IAM role box and set up the access policy manually. For more information, see Granting Access to an Amazon S3 Bucket (p. 144). For information about IAM roles, see IAM Roles in the IAM User Guide.
9. Choose Next to review configuration settings for your SMB file share, as shown in the figure following.
10. For Microsoft AD authentication, make sure that Active Directory appears for Select authentication method. Microsoft AD access is the default authentication method.
Note
For Microsoft AD access, your file gateway must be joined to a domain. For guest access, you must have set a guest access password. Both access types are available at the same time.
11. For Export as, choose Read-write (the default) or Read-only. Choose Close to enforce your authentication settings.
12. For File/directory access controlled by, choose one of the following:
• Choose Windows Access Control List to set fine-grained permissions on files and folders in your SMB file share. For more information, see Using Microsoft Windows ACLs to Control Access to an SMB File Share (p. 307).
• Choose POSIX permissions to use POSIX permissions to control access to files and directories that are stored through an NFS or SMB file share.
13. (Optional) For Admin users/groups, enter a comma-separated list of AD users and groups. You do this if you want the admin user to have privileges to update ACLs on all files and folders in the file share. These users and groups then have administrator rights to the file share. A group must be prefixed with the @ character, for example @group1.
14. Review your file share configuration settings, and then choose Create file share.
After your SMB file share is created, you can see your file share settings in its Details tab.
The preceding procedure creates a Microsoft Active Directory file share. Anyone with domain credentials can access this file share. To limit access to certain users and groups, see Using Active Directory to Authenticate Users (p. 151).
Next Step
Mounting Your SMB File Share on Your Client (p. 52)
Using Your File Share
Following, you can find instructions about how to mount your file share on your client, use your share, test your file gateway, and clean up resources as needed. For more information about supported Network File System (NFS) clients, see Supported NFS Clients for a File Gateway (p. 21). For more information about supported Server Message Block (SMB) clients, see Supported SMB Clients for a File Gateway (p. 21).
You can find example commands to mount your file share on the AWS Management Console. In the following sections, you can find details on how to mount your file share on your client, use your share, test your file gateway, and clean up resources as needed.
Topics
Mounting Your NFS File Share on Your Client (p. 51)
Mounting Your SMB File Share on Your Client (p. 52)
Working with File Shares on a Bucket with Pre-existing Objects (p. 55)
Testing Your File Gateway (p. 55)
Where Do I Go from Here? (p. 56)
Mounting Your NFS File Share on Your Client
Now you mount your NFS file share on a drive on your client and map it to your Amazon S3 bucket.
To mount a file share and map it to an Amazon S3 bucket
1. If you are using a Microsoft Windows client, we recommend that you create an SMB file share and access it using an SMB client that is already installed on the Windows client. If you use NFS, turn on Services for NFS in Windows.
2. Mount your NFS file share:
• For Linux clients, type the following command at the command prompt.
sudo mount -t nfs -o nolock,hard [Your gateway VM IP address]:/[S3 bucket name] [mount path on your client]
• For MacOS clients, type the following command at the command prompt.
sudo mount_nfs -o vers=3,nolock,rwsize=65536,hard -v [Your gateway VM IP address]:/[S3 bucket name] [mount path on your client]
• For Windows clients, type the following command at the command prompt.
mount -o nolock -o mtype=hard [Your gateway VM IP address]:/[S3 bucket name] [Drive letter on your windows client]
For example, suppose that on a Windows client your VM's IP address is 123.123.1.2 and your Amazon S3 bucket name is test-bucket. Suppose also that you want to map to drive T. In this case, your command looks like the following.
mount -o nolock -o mtype=hard 123.123.1.2:/test-bucket T:
Note
When mounting file shares, be aware of the following:
• You might have a case where a folder and an object exist in an Amazon S3 bucket and have the same name. In this case, if the object name doesn't contain a trailing slash, only the folder is visible in a file gateway. For example, if a bucket contains an object named test or test/ and a folder named test/test1, only test/ and test/test1 are visible in a file gateway.
• You might need to remount your file share after a reboot of your client.
• By default Windows uses a soft mount for mounting your NFS share. Soft mounts time out more easily when there are connection issues. We recommend using a hard mount because a hard mount is safer and better preserves your data. The soft mount command omits the -o mtype=hard switch. The Windows hard mount command uses the -o mtype=hard switch.
• If you are using Windows clients, check your mount options after mounting by running the mount command with no options. The response should confirm that the file share was mounted using the latest options you provided. It also should confirm that you are not using cached old entries, which take at least 60 seconds to clear.
Next Step
Testing Your File Gateway (p. 55)
Mounting Your SMB File Share on Your Client
Now you mount your SMB file share and map to a drive accessible to your client. The console's file gateway section shows the supported mount commands that you can use for SMB clients. Following, you can find some additional options to try.
You can use several different methods for mounting SMB file shares, including the following:
• The net use command – Doesn't persist across system reboots, unless you use the /persistent:{yes | no} switch. The specific command that you use depends on whether you plan to use your file share for Microsoft Active Directory (AD) access or guest access.
• The CmdKey command line utility – Creates a persistent connection to a mounted SMB file share that remains after a reboot.
• A network drive mapped in File Explorer – Configures the mounted file share to reconnect at sign-in and to require that you enter your network credentials.
• PowerShell script – Can be persistent, and can be either visible or invisible to the operating system while mounted.
Note
If you are a Microsoft AD user, check with your administrator to ensure that you have access to the SMB file share before mounting the file share to your local system.
If you are a guest user, make sure that you have the guest user account password before attempting to mount the file share.
To mount your SMB file share for Microsoft AD users using the net use command
1. Make sure that you have access to the SMB file share before mounting the file share to your local system.
2. For Microsoft AD clients, type the following command at the command prompt:
net use [WindowsDriveLetter]: \\[Gateway IP Address]\[File share name]
To mount your SMB file share for guest users using the net use command
1. Make sure that you have the guest user account password before mounting the file share.
2. For Windows guest clients, type the following command at the command prompt.
net use [WindowsDriveLetter]: \\$[Gateway IP Address]\$[path] /user:$[Gateway ID]\smbguest
To mount an SMB file share on Windows using CmdKey:
1. Press the Windows key and type cmd to view the command prompt menu item.
2. Open the context (right-click) menu for Command Prompt and choose Run as administrator.
3. Type the following command:
C:\>cmdkey /add:[Gateway VM IP address] /user:[DomainName]\[UserName] /pass:[Password]
Note
When mounting file shares, be aware of the following:
• You might have a case where a folder and an object exist in an Amazon S3 bucket and have the same name. In this case, if the object name doesn't contain a trailing slash, only the folder is visible in a file gateway. For example, if a bucket contains an object named test or test/ and a folder named test/test1, only test/ and test/test1 are visible in a file gateway.
• You might need to remount your file share after a reboot of your client.
To mount an SMB file share using Windows File Explorer
1. Press the Windows key and type File Explorer in the Search Windows box, or press Win+E.
2. In the navigation pane, choose This PC, then choose Map Network Drive for Map Network Drive in the Computer tab, as shown in the following screenshot.
3. In the Map Network Drive dialog box, choose a drive letter for Drive.
4. For Folder, type \\[File Gateway IP]\[SMB File Share Name], or choose Browse to select your SMB file share from the dialog box.
5. (Optional) Select Reconnect at sign-in if you want your mount point to persist after reboots.
6. (Optional) Select Connect using different credentials if you want a user to enter the Microsoft AD logon or guest account user password.
7. Choose Finish to complete your mount point.
You can edit file share settings, edit allowed and denied users and groups, and change the guest access password from the Storage Gateway Management Console. You can also refresh the data in the file share's cache and delete a file share from the console.
To modify your SMB file share's properties
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. On the navigation pane, choose File Shares.
3. On the File Share page, select the check box by the SMB file share that you want to modify.
4. For Actions, choose the action that you want:
• Choose Edit file share settings to modify share access.
• Choose Edit allowed/denied users to add or delete users and groups, and then type the allowed and denied users and groups into the Allowed Users, Denied Users, Allowed Groups, and Denied Groups boxes. Use the Add Entry buttons to create new access rights, and the (X) button to remove access.
5. When you're finished, choose Save.
When you enter allowed users and groups, you are creating a whitelist. Without a whitelist, all authenticated Microsoft AD users can access the SMB file share. Any users and groups that are marked as denied are added to a blacklist and can't access the SMB file share. In instances where a user or group is on both the blacklist and whitelist, the blacklist takes precedence.
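The precedence rules just described can be checked before you save a list. The following added example (not part of the AWS guide) evaluates them for a set of users. It assumes the lists are held in the API's ValidUserList and InvalidUserList form, where a group carries the @ prefix, and that names compare case-insensitively; the shares, users, and group memberships are constructed.

```python
"""Added example: evaluate allowed/denied lists for an AD-authenticated SMB share.

ValidUserList / InvalidUserList are the API fields behind the console's
Allowed and Denied boxes; groups carry an '@' prefix. All data is constructed.
"""


def split_entries(entries):
    """Split a list into (users, groups); a leading '@' marks a group."""
    users, groups = set(), set()
    for raw in entries or []:
        entry = raw.strip()
        if not entry:
            continue
        if entry.startswith("@"):
            groups.add(entry[1:].casefold())
        else:
            users.add(entry.casefold())
    return users, groups


def can_access(share, user, member_of=()):
    """Return (allowed, reason) for one authenticated AD user.

    Assumption: names are compared case-insensitively and exactly as written
    (no DOMAIN\\ prefix normalisation).
    """
    name = user.casefold()
    memberships = {g.casefold() for g in member_of}
    denied_users, denied_groups = split_entries(share.get("InvalidUserList"))
    allowed_users, allowed_groups = split_entries(share.get("ValidUserList"))

    # The denied list is checked first: it wins over any allowed entry.
    if name in denied_users or memberships & denied_groups:
        return False, "on denied list"
    # With no allowed list, every authenticated AD user gets in.
    if not allowed_users and not allowed_groups:
        return True, "no allowed list"
    if name in allowed_users or memberships & allowed_groups:
        return True, "on allowed list"
    return False, "not on allowed list"


def access_matrix(share, directory):
    """Map each user in the directory to True/False for this share."""
    return {u: can_access(share, u, groups)[0] for u, groups in directory.items()}


# Constructed directory: user -> groups the user belongs to.
DIRECTORY = {
    "alice": ["engineering"],
    "bob": ["finance"],
    "carol": ["finance", "contractors"],
    "dave": ["engineering"],
    "mallory": ["finance"],
}

# Constructed shares.
SHARE_OPEN = {"ValidUserList": [], "InvalidUserList": []}
SHARE_FINANCE = {
    "ValidUserList": ["@finance", "alice"],
    "InvalidUserList": ["@Contractors", "mallory"],
}
SHARE_DENY_ONLY = {"InvalidUserList": ["@contractors"]}


if __name__ == "__main__":
    for label, share in [("open", SHARE_OPEN), ("finance", SHARE_FINANCE),
                         ("deny-only", SHARE_DENY_ONLY)]:
        print(label)
        for user, groups in DIRECTORY.items():
            allowed, reason = can_access(share, user, groups)
            print(f"  {user:8} {'ALLOW' if allowed else 'DENY ':5} ({reason})")
```

A share with only a denied list stays open to every other authenticated domain user, so restricting a share to a known set of people requires an allowed list as well.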
You can enable Access Control Lists (ACLs) on your SMB file share. For information about how to enable ACLs, see Using Microsoft Windows ACLs to Control Access to an SMB File Share (p. 307).
Next Step
Testing Your File Gateway (p. 55)
Working with File Shares on a Bucket with Pre-existing Objects
You can export a file share on an Amazon S3 bucket with objects created outside of the file gateway using either NFS or SMB. Objects in the bucket that were created outside of the gateway display as files in either the NFS or SMB file system when your file system clients access them. Standard Portable Operating System Interface (POSIX) access and permissions are used in the file share. When you write files back to an Amazon S3 bucket, the files assume the properties and access rights that you give them.
You can upload objects to an S3 bucket at any time. For the file share to display these newly added objects as files, you first need to follow the steps in the section called “Refreshing Objects in Your Amazon S3 Bucket” (p. 153).
Note
We don't recommend having multiple writers for one Amazon S3 bucket. If you do, be sure to read the section "Can I have multiple writers to my Amazon S3 bucket?" in the Storage Gateway FAQ.
To assign metadata defaults to objects accessed using NFS, see Editing Metadata Defaults in the section called “Managing Your File Gateway” (p. 144).
For SMB, you can export a share using Microsoft AD or guest access for an Amazon S3 bucket with pre-existing objects. Objects exported through an SMB file share inherit POSIX ownership and permissions from the parent directory right above them. For objects under the root folder, root Access Control Lists (ACL) are inherited. For Root ACL, the owner is smbguest and the permissions for files are 666, and the directories are 777. This applies to all forms of authenticated access (Microsoft AD and guest).
Testing Your File Gateway
You can copy files and folders to your mapped drive. The files automatically upload to your Amazon S3 bucket.
To upload files from your Windows client to Amazon S3
1. On your Windows client, navigate to the drive that you mounted your file share on. The name of your drive is preceded by the name of your S3 bucket.
2. Copy files or a folder to the drive.
3. On the Amazon S3 Management Console, navigate to your mapped bucket. You should see the files and folders that you copied in the Amazon S3 bucket that you specified.
You can see the file share that you created in the File shares tab in the AWS Storage Gateway Management Console.
Your NFS or SMB client can write, read, delete, rename, and truncate files.
Note
File gateways don't support creating hard or symbolic links on a file share.
Keep in mind these points about how file gateways work with S3:
• Reads are served from a read-through cache. In other words, if data isn't available, it's fetched from S3 and added to the cache.
• Writes are sent to S3 through optimized multipart uploads by using a write-back cache.
• Reads and writes are optimized so that only the parts that are requested or changed are transferred over the network.
• Deletes remove objects from S3.
• Directories are managed as folder objects in S3, using the same syntax as in the Amazon S3 console. You can rename empty directories.
• Recursive file system operation performance (for example ls -l) depends on the number of objects in your bucket.
Next Step
Where Do I Go from Here? (p. 56)
Where Do I Go from Here?
In the preceding sections, you created and started using a file gateway, including mounting a file share and testing your setup.
Other sections of this guide include information about how to do the following:
• To manage your file gateway, see Managing Your File Gateway (p. 144).
• To optimize your file gateway, see Optimizing Gateway Performance (p. 287).
• To troubleshoot gateway problems, see Troubleshooting Your Gateway (p. 316).
• To learn about Storage Gateway metrics and how you can monitor how your gateway performs, see Monitoring Your Gateway and Resources (p. 185).
Cleaning Up Resources You Don't Need
If you created your gateway as an example exercise or a test, consider cleaning up to avoid incurring unexpected or unnecessary charges.
To clean up resources you don't need
1. Delete any snapshots. For instructions, see Deleting a Snapshot (p. 163).
2. Unless you plan to continue using the gateway, delete it. For more information, see Deleting Your Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 281).
3. Delete the AWS Storage Gateway VM from your on-premises host. If you created your gateway on an Amazon EC2 instance, terminate the instance.
Creating a Volume Gateway
In this section, you can find instructions about how to create and use a volume gateway.
Topics
Creating a Gateway (p. 57)
Creating a Volume (p. 63)
Using Your Volume (p. 65)
Backing Up Your Volumes (p. 71)
Creating a Gateway
In this section, you can find instructions about how to download, deploy, and activate a volume gateway.
Topics
Choosing a Gateway Type (p. 57)
Choosing a Host Platform and Downloading the VM (p. 58)
Choosing a Service Endpoint (p. 59)
Connecting to Your Gateway (p. 60)
Activating Your Gateway (p. 61)
Configuring Local Disks (p. 62)
Choosing a Gateway Type
With a volume gateway, you can create storage volumes in the AWS Cloud that your on-premises applications can access as Internet Small Computer System Interface (iSCSI) targets. There are two options:
• Cached volumes (p. 3)—Store your data in AWS and retain a copy of frequently accessed data subsets locally.
• Stored volumes (p. 5)—Store all your data locally and asynchronously back up point-in-time snapshots to AWS.
To choose a gateway type
1. Open the AWS Management Console at http://console.www.amazonaws.cn/storagegateway/home, and choose the AWS Region that you want to create your gateway in.
If you have previously created a gateway in this AWS Region, the console shows your gateway. Otherwise, the service homepage appears.
2. If you haven't created a gateway in the AWS Region you selected, choose Get started. If you already have a gateway in the AWS Region you chose, choose Gateways from the navigation pane, and then choose Create gateway.
3. On the Select gateway type page, choose Volume gateway, choose the type of volume, and then choose Next.
Choosing a Host Platform and Downloading the VM
If you create your gateway on-premises, you deploy the hardware appliance, or download and deploy a gateway VM, and then activate the gateway. If you create your gateway on an Amazon EC2 instance, you launch an Amazon Machine Image (AMI) that contains the gateway VM image and then activate the gateway. For information about supported host platforms, see Supported Hypervisors and Host Requirements (p. 20).
Note
You can run only file, cached volume, and tape gateways on an Amazon EC2 instance.
To select a host platform and download the VM
1. On the Select host platform page, choose the virtualization platform that you want to run your gateway on.
2. Choose Download image next to your virtualization platform to download a .zip file that contains the .ova file for your virtualization platform.
Note
The .zip file is over 500 MB in size and might take some time to download, depending on your network connection.
For EC2, you create an instance from the provided AMI.
3. Deploy the downloaded image to your hypervisor. You need to add at least one local disk for your cache and one local disk for your upload buffer during the deployment. A file gateway requires only one local disk for a cache. For information about local disk requirements, see Hardware and Storage Requirements (p. 11).
If you choose VMware, do the following:
• Store your disk in Thick provisioned format. When you use thick provisioning, the disk storage is allocated immediately, resulting in better performance. In contrast, thin provisioning allocates storage on demand. On-demand allocation can affect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick-provisioned format.
• Configure your gateway VM to use paravirtualized disk controllers. For more information, see Configuring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers (p. 346).
If you choose Microsoft Hyper-V, do the following:
• Configure the disk type as Fixed size. When you use fixed-size provisioning, the disk storage is allocated immediately, resulting in better performance. If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.
• When allocating disks, choose virtual hard disk (.vhd) file. Storage Gateway supports the .vhdx file type. By using this file type, you can create larger virtual disks than with other file types. If you create a .vhdx type virtual disk, make sure that the size of the virtual disks that you create doesn't exceed the recommended disk size for your gateway.
For both VMware and Microsoft Hyper-V, synchronizing the VM time with the host time is required for successful gateway activation. Make sure that your host clock is set to the correct time and synchronize it with a Network Time Protocol (NTP) server.
If you choose EC2, do the following:
Launch an Amazon Machine Image (AMI) that contains the gateway VM image, and then activate the gateway. For information about deploying your gateway to an Amazon EC2 host, see Deploying a Volume or Tape Gateway on an Amazon EC2 Host (p. 349).
If you choose the hardware appliance, see Activate Your Hardware Appliance (p. 29).
For information about deploying your gateway to an Amazon EC2 host, see Deploy Your Gateway to an Amazon EC2 Host (p. 349).
Choosing a Service Endpoint
You can activate your gateway using a public endpoint and have your gateway communicate with AWS storage services over the public Internet or activate it using a private VPC endpoint. If you use a VPC endpoint, all communication from your gateway to AWS services occurs through the VPC endpoint in your VPC in AWS.
To choose a service endpoint
1. For Endpoint type you have the following options:
• To make your gateway access AWS services over the public Internet, choose Public.
• To make your gateway access AWS services through the VPC endpoint in your VPC, choose VPC.
This walkthrough assumes that you are activating your gateway with a public endpoint. For information about how to activate a gateway using a VPC endpoint, see Activating a Gateway in a Virtual Private Cloud (p. 133).
2. Choose Next to connect your gateway and activate your gateway.
Connecting to Your Gateway
To connect to your gateway, the first step is to get the IP address of your gateway VM. You use this IP address to activate your gateway. For gateways deployed and activated on an on-premises host, you can get the IP address from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address from the Amazon EC2 console.
The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.
Make sure that you select the correct gateway type. The .ova files and AMIs for the gateway types are different and are not interchangeable.
To get the IP address for your gateway VM from the local console
1. Log on to your gateway VM local console. For detailed instructions, see the following:
• VMware ESXi—Accessing the Gateway Local Console with VMware ESXi (p. 273).
• Microsoft Hyper-V—Access the Gateway Local Console with Microsoft Hyper-V (p. 274).
2. Get the IP address from the top of the menu page, and make note of it for later use.
To get the IP address from an EC2 instance
1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
2. In the navigation pane, choose Instances, and then choose the EC2 instance.
3. Choose the Description tab at the bottom, and then note the IP address. You use this IP address to activate the gateway.
For activation, you can use the public or private IP address assigned to a gateway. You must be able to reach the IP address that you use from the browser from which you perform the activation. In this walkthrough, we use the public IP address to activate the gateway.
To associate your gateway with your AWS account
1. If the Connect to gateway page isn't already open, open the console and navigate to that page.
2. Type the IP address of your gateway for IP address, and then choose Connect gateway.
For detailed information about how to get a gateway IP address, see Connecting to Your Gateway (p. 391).
Activating Your Gateway
When your gateway VM is deployed and running, you configure your gateway settings and activate your gateway.
To activate your gateway
The gateway type, endpoint type, and AWS Region you selected are shown on the activation page.
1. To complete the activation process, provide the information on the activation page to configure your gateway settings:
• Gateway Time Zone specifies the time zone to use for your gateway.
• Gateway Name identifies your gateway. You use this name to manage your gateway in the console; you can change it after the gateway is activated. This name must be unique to your account.
The following screenshot shows the activation page for a volume gateway.
2. AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be the same as the Region where your VPC Endpoint is located.
3. Choose Activate Gateway.
When the gateway is successfully activated, the AWS Storage Gateway console displays the Configure local disks page.
If activation fails, check that the IP address you entered is correct. If the IP address is correct, confirm that your network is configured to let your browser access the gateway VM. For other possible solutions, see Troubleshooting Your Gateway (p. 316).
Configuring Local Disks
When you deployed the VM, you allocated local disks for your gateway. Now you configure your gateway to use these disks.
Note
If you allocate local disks on a VMware host, make sure to configure the disks to use paravirtualized disk controllers. When adding a cache or upload buffer to an existing gateway, make sure to create new disks in your host (hypervisor or Amazon EC2 instance). Don't change the size of existing disks if the disks have been previously allocated as either a cache or upload buffer.
• For a cached volume (p. 3), you configure at least one disk for an upload buffer and the other for cache storage.
• For a stored volume (p. 5), you configure at least one disk for an upload buffer and allocate the rest of the storage for your application data.
To configure local disks
1. On the Configure local disks page, identify the disks you allocated and decide which ones you want to use for an upload buffer and cached storage. For information about disk size limits, see Recommended Local Disk Sizes For Your Gateway (p. 397).
2. From the list next to your upload buffer disk, choose Upload Buffer.
3. For cached volumes and tapes, choose Cache for the disk you want to configure as cache storage.
If you don't see your disks, choose Refresh.
4. Choose Save and continue to save your configuration settings.
Next Step
Creating a Volume (p. 63)
Creating a Volume
Previously, you allocated local disks that you added to the VM cache storage and upload buffer. Now you create a storage volume to which your applications read and write data. The gateway maintains the volume's recently accessed data locally in cache storage and asynchronously transfers data to Amazon S3. For stored volumes, you allocated local disks that you added to the VM upload buffer and your application's data.
Note
You can use AWS Key Management Service (AWS KMS) to encrypt data written to a cached volume that is stored in Amazon S3. Currently, you can do this by using the AWS Storage Gateway API Reference. For more information, see CreateCachediSCSIVolume or create-cached-iscsi-volume.
To create a volume
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. On the AWS Storage Gateway console, choose Create volume.
3. In the Create volume dialog box, choose a gateway for Gateway.
4. For the cached volumes, type the capacity in Capacity.
For stored volumes, choose a Disk ID value from the list.
5. For Volume content, your choices depend on the type of gateway you are creating the volume for.
For cached volumes, you have the following options:
• Create a new empty volume.
• Create a volume based on an Amazon EBS snapshot. If you choose this option, provide a value for EBS snapshot ID.
• Clone from last volume recovery point. If you choose this option, choose a volume ID for Source volume. If there are no volumes in the region, this option doesn't appear.
For stored volumes, you have the following options:
• Create a new empty volume.
• Create a volume based on a snapshot. If you choose this option, provide a value for EBS snapshot ID.
• Preserve existing data on the disk.
6. Type a name for iSCSI target name.
The target name can contain lowercase letters, numbers, periods (.), and hyphens (-). This target name appears as the iSCSI target node name in the Targets tab of the iSCSI Microsoft initiator UI after discovery. For example, the name target1 appears as iqn.1997-05.com.amazon:target1. Make sure that the target name is globally unique within your storage area network (SAN).
7. Verify that the Network interface setting has IP address selected, or choose an IP address for Network interface. For Network interface, one IP address appears for each adapter that is configured for the gateway VM. If the gateway VM is configured for only one network adapter, no Network interface list appears because there is only one IP address.
Your iSCSI target will be available on the network adapter you choose.
If you have defined your gateway to use multiple network adapters, choose the IP address that your storage applications should use to access your volume. For information about configuring multiple network adapters, see Configuring Your Gateway for Multiple NICs (p. 266).
Note
After you choose a network adapter, you can't change this setting.
8. Choose Create volume.
If you have previously created volumes in this region, you can see them listed on the Storage Gateway console.
The Configure CHAP Authentication dialog box appears. You can configure Challenge-Handshake Authentication Protocol (CHAP) for your volume at this point, or you can choose Cancel and configure CHAP later. For more information on CHAP setup, see Configure CHAP Authentication for Your Volumes (p. 64), following.
If you don't want to set up CHAP, get started using your volume. For more information, see Using Your Volume (p. 65).
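The note earlier in this section says that AWS KMS encryption for a cached volume is set through the API or CLI. The following is an added example, not part of the original guide: it checks the iSCSI target name against the rule in step 6 and assembles the arguments for aws storagegateway create-cached-iscsi-volume with KMS encryption turned on. The function names are this example's own, and the ARNs in the usage comment are placeholders.

```bash
# Added example (not from the guide): build the argument list for
#   aws storagegateway create-cached-iscsi-volume
# with AWS KMS encryption enabled. Function names are hypothetical; the
# caller supplies real ARNs.

# Step 6 rule: lowercase letters, numbers, periods (.), and hyphens (-) only.
valid_target_name() {
    local LC_ALL=C            # keep a-z from matching uppercase in some locales
    case "$1" in
        '' | *[!a-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Node name the initiator sees after discovery, e.g. iqn.1997-05.com.amazon:target1
target_iqn() {
    valid_target_name "$1" || return 1
    printf 'iqn.1997-05.com.amazon:%s\n' "$1"
}

# kms_volume_args GATEWAY_ARN SIZE_BYTES TARGET_NAME NIC_IPV4 KMS_KEY_ARN
# Prints one CLI argument per line. Returns non-zero rather than emitting a
# command that would create an unencrypted or misnamed volume.
kms_volume_args() {
    local gw="$1" size="$2" target="$3" nic="$4" key="$5"
    if ! valid_target_name "$target"; then
        echo "invalid iSCSI target name: $target" >&2
        return 1
    fi
    case "$size" in
        '' | *[!0-9]*) echo "size must be a byte count" >&2; return 1 ;;
    esac
    case "$key" in
        arn:aws*:kms:*:key/?*) ;;
        *) echo "refusing to build the command without a KMS key ARN" >&2; return 1 ;;
    esac
    # The client token is derived from name and size so a retry is idempotent.
    printf '%s\n' storagegateway create-cached-iscsi-volume \
        --gateway-arn "$gw" \
        --volume-size-in-bytes "$size" \
        --target-name "$target" \
        --network-interface-id "$nic" \
        --client-token "$target-$size" \
        --kms-encrypted \
        --kms-key "$key"
}

# Usage in bash (placeholders for the ARNs and the gateway NIC address):
#   args=$(kms_volume_args "$GATEWAY_ARN" 161061273600 target1 "$NIC_IP" "$KMS_KEY_ARN") \
#       && mapfile -t argv <<<"$args" && aws "${argv[@]}"
```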
Configure CHAP Authentication for Your Volumes
CHAP provides protection against playback attacks by requiring authentication to access your storage volume targets. In the Configure CHAP Authentication dialog box, you provide information to configure CHAP for your volumes.
To configure CHAP
1. Choose the volume for which you want to configure CHAP.
2. For Actions, choose Configure CHAP authentication.
3. For Initiator Name, type the name of your initiator.
4. For Initiator secret, type the secret phrase you used to authenticate your iSCSI initiator.
5. For Target secret, type the secret phrase used to authenticate your target for mutual CHAP.
6. Choose Save to save your entries.
For more information about setting up CHAP authentication, see Configuring CHAP Authentication for Your iSCSI Targets (p. 377).
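On a Linux initiator, you can confirm that the client side matches what you entered in this dialog box. The following is an added example, not part of the original guide: it classifies a node record printed by iscsiadm --mode node --targetname [IQN] --portal [GATEWAY_IP]:3260 as none, one-way, or mutual CHAP. It assumes the open-iscsi record format node.session.auth.<key> = <value>, where username and password carry the initiator name and initiator secret and the _in keys carry the target's credentials for mutual CHAP; the function names are this example's own.

```bash
# Added example (not from the guide). Classifies open-iscsi node records.
# Assumed record format: "node.session.auth.<key> = <value>", with unset
# values either missing or shown as "<empty>".

# chap_mode < RECORD   ->   none | one-way | mutual
chap_mode() {
    awk -F ' = ' '
        function isset(v) { return v != "" && v != "<empty>" }
        /^node\.session\.auth\./ {
            key = $1
            sub(/^node\.session\.auth\./, "", key)
            auth[key] = $2
        }
        END {
            if (auth["authmethod"] != "CHAP" || !isset(auth["username"]) || !isset(auth["password"]))
                print "none"
            else if (isset(auth["username_in"]) && isset(auth["password_in"]))
                print "mutual"
            else
                print "one-way"
        }'
}

# audit_chap DIR
# DIR holds one saved record per file. Prints "<file> <mode>" for each and
# returns 1 if any target is not set up for mutual CHAP.
audit_chap() {
    local dir="$1" f mode rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(chap_mode < "$f")
        printf '%s %s\n' "${f##*/}" "$mode"
        [ "$mode" = mutual ] || rc=1
    done
    return "$rc"
}
```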
Next Step
Using Your Volume (p. 65)
Using Your Volume
Following, you can find instructions about how to use your volume. To use your volume, you first connect it to your client as an iSCSI target, then initialize and format it.
Topics
Connecting Your Volumes to Your Client (p. 65)
Initializing and Formatting Your Volume (p. 66)
Testing Your Gateway (p. 68)
Where Do I Go from Here? (p. 69)
Connecting Your Volumes to Your Client
You use the iSCSI initiator in your client to connect to your volumes. At the end of the following procedure, the volumes become available as local devices on your client.
Important
With AWS Storage Gateway, you can connect multiple hosts to the same volume if the hosts coordinate access by using Windows Server Failover Clustering (WSFC). You can't connect multiple hosts to the same volume without using WSFC, for example by sharing a nonclustered NTFS/ext4 file system.
Topics
Connecting to a Microsoft Windows Client (p. 65)
Connecting to a Red Hat Enterprise Linux Client (p. 65)
Connecting to a Microsoft Windows Client
The following procedure shows a summary of the steps that you follow to connect to a Windows client. For more information, see Connecting iSCSI Initiators (p. 364).
To connect to a Windows client
1. Start iscsicpl.exe.
2. In the iSCSI Initiator Properties dialog box, choose the Discovery tab, and then choose Discovery Portal.
3. In the Discover Target Portal dialog box, type the IP address of your iSCSI target for IP address or DNS name.
4. Connect the new target portal to the storage volume target on the gateway.
5. Choose the target, and then choose Connect.
6. In the Targets tab, make sure that the target status has the value Connected, indicating the target is connected, and then choose OK.
Connecting to a Red Hat Enterprise Linux Client
The following procedure shows a summary of the steps that you follow to connect to a Red Hat Enterprise Linux (RHEL) client. For more information, see Connecting iSCSI Initiators (p. 364).
To connect a Linux client to iSCSI targets
1. Install the iscsi-initiator-utils RPM package.
You can use the following command to install the package.
sudo yum install iscsi-initiator-utils
2. Make sure that the iSCSI daemon is running.
For RHEL 5 or 6, use the following command.
sudo /etc/init.d/iscsi status
For RHEL 7, use the following command.
sudo service iscsid status
3. Discover the volume or VTL device targets defined for a gateway. Use the following discovery command.
sudo /sbin/iscsiadm --mode discovery --type sendtargets --portal [GATEWAY_IP]:3260
The output of the discovery command should look like the following example output.
For volume gateways: [GATEWAY_IP]:3260, 1 iqn.1997-05.com.amazon:myvolume
For tape gateways: iqn.1997-05.com.amazon:[GATEWAY_IP]-tapedrive-01
4. Connect to a target.
Make sure to specify the correct [GATEWAY_IP] and IQN in the connect command.
Use the following command.
sudo /sbin/iscsiadm --mode node --targetname iqn.1997-05.com.amazon:[ISCSI_TARGET_NAME] --portal [GATEWAY_IP]:3260,1 --login
5. Verify that the volume is attached to the client machine (the initiator). To do so, use the following command.
ls -l /dev/disk/by-path
The output of the command should look like the following example output.
lrwxrwxrwx. 1 root root 9 Apr 16 19:31 ip-[GATEWAY_IP]:3260-iscsi-iqn.1997-05.com.amazon:myvolume-lun-0 -> ../../sda
We highly recommend that after you set up your initiator you customize your iSCSI settings as discussed in Customizing Your Linux iSCSI Settings (p. 376).
Initializing and Formatting Your Volume
After you use the iSCSI initiator in your client to connect to your volumes, you initialize and format your volume.
Topics
Initializing and Formatting Your Volume on Microsoft Windows (p. 67)
Initializing and Formatting Your Volume on Red Hat Enterprise Linux (p. 67)
Initializing and Formatting Your Volume on Microsoft Windows
Use the following procedure to initialize and format your volume on Windows.
To initialize and format your storage volume
1. Start diskmgmt.msc to open the Disk Management console.
2. In the Initialize Disk dialog box, initialize the volume as an MBR (Master Boot Record) partition. When selecting the partition style, you should take into account the type of volume you are connecting to, cached or stored, as shown in the following table.
Partition Style: Use in the Following Conditions
MBR (Master Boot Record):
• If your gateway is a stored volume and the storage volume is limited to 1 TiB in size.
• If your gateway is a cached volume and the storage volume is less than 2 TiB in size.
GPT (GUID Partition Table):
• If your gateway's storage volume is 2 TiB or greater in size.
3. Create a simple volume:
a. Bring the volume online to initialize it. All the available volumes are displayed in the disk management console.
b. Open the context (right-click) menu for the disk, and then choose New Simple Volume.
Important
Be careful not to format the wrong disk. Check to make sure that the disk you are formatting matches the size of the local disk you allocated to the gateway VM and that it has a status of Unallocated.
c. Specify the maximum disk size.
d. Assign a drive letter or path to your volume, and format the volume by choosing Perform a quick format.
Important
We strongly recommend using Perform a quick format for cached volumes. Doing so results in less initialization I/O, smaller initial snapshot size, and the fastest time to a usable volume. It also avoids using cached volume space for the full format process.
Note
The time that it takes to format the volume depends on the size of the volume. The process might take several minutes to complete.
Initializing and Formatting Your Volume on Red Hat Enterprise Linux
Use the following procedure to initialize and format your volume on Red Hat Enterprise Linux (RHEL).
To initialize and format your storage volume
1. Change directory to the /dev folder.
2. Run the sudo cfdisk command.
3. Identify your new volume by using the following command. To find new volumes, you can list the partition layout of your volumes.
$ lsblk
An "unrecognized volumes label" error for the new unpartitioned volume appears.
4. Initialize your new volume. When selecting the partition style, you should take into account the size and type of volume you are connecting to, cached or stored, as shown in the following table.
Partition Style: Use in the Following Conditions
MBR (Master Boot Record):
• If your gateway is a stored volume and the storage volume is limited to 1 TiB in size.
• If your gateway is a cached volume and the storage volume is less than 2 TiB in size.
GPT (GUID Partition Table):
• If your gateway's storage volume is 2 TiB or greater in size.
For an MBR partition, use the following command:
sudo parted /dev/your volume mklabel msdos
For a GPT partition, use the following command:
sudo parted /dev/your volume mklabel gpt
5. Create a partition by using the following command.
sudo parted -a opt /dev/your volume mkpart primary file system 0% 100%
6. Assign a drive letter to the partition and create a file system by using the following command.
sudo mkfs drive letter datapartition /dev/your volume
7. Mount the file system by using the following command.
sudo mount -o defaults /dev/your volume /mnt/your directory
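Before you write a partition label, confirm which block device actually belongs to the gateway volume. The following is an added example, not part of the original guide: it serves both the connection check in /dev/disk/by-path and the partition-style table, resolving a target name to its device and printing the parted commands the table selects without running them. The function names are this example's own, and a stored volume between 1 TiB and 2 TiB is rejected because the table has no row for it.

```bash
# Added example (not from the guide). Maps a Storage Gateway iSCSI target to
# its block device through /dev/disk/by-path, then prints the parted commands
# for the partition style the table selects. Nothing is executed.

TIB=1099511627776   # bytes in 1 TiB

# gateway_device BY_PATH_DIR GATEWAY_IP TARGET_NAME
# Prints the whole-disk device; fails unless exactly one disk matches.
gateway_device() {
    local dir="$1" ip="$2" target="$3" link found='' count=0
    for link in "$dir"/ip-"$ip":3260-iscsi-iqn.1997-05.com.amazon:"$target"-lun-*; do
        [ -L "$link" ] || continue                 # an unmatched glob stays literal
        case "${link##*-lun-}" in
            *-part*) continue ;;                   # skip partitions of the disk
        esac
        found="$link"
        count=$((count + 1))
    done
    if [ "$count" -ne 1 ]; then
        echo "expected 1 disk for $target on $ip, found $count" >&2
        return 1
    fi
    readlink -f "$found"
}

# partition_label TYPE SIZE_BYTES   ->   msdos (MBR) | gpt
partition_label() {
    local type="$1" size="$2"
    case "$type" in
        cached | stored) ;;
        *) echo "type must be cached or stored" >&2; return 1 ;;
    esac
    if [ "$size" -ge $((2 * TIB)) ]; then
        echo gpt
    elif [ "$type" = cached ] || [ "$size" -le "$TIB" ]; then
        echo msdos
    else
        echo "the table has no row for a stored volume of $size bytes" >&2
        return 1
    fi
}

# format_plan BY_PATH_DIR GATEWAY_IP TARGET_NAME TYPE SIZE_BYTES FILE_SYSTEM
# SIZE_BYTES is the capacity of the volume you created on the gateway.
format_plan() {
    local dev label
    dev=$(gateway_device "$1" "$2" "$3") || return 1
    label=$(partition_label "$4" "$5") || return 1
    printf 'sudo parted %s mklabel %s\n' "$dev" "$label"
    printf 'sudo parted -a opt %s mkpart primary %s 0%% 100%%\n' "$dev" "$6"
}

# Usage: format_plan /dev/disk/by-path [GATEWAY_IP] myvolume cached 161061273600 ext4
```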
Testing Your Gateway
You test your volume gateway setup by performing the following tasks:
1. Write data to the volume.
2. Take a snapshot.
3. Restore the snapshot to another volume.
You verify the setup for a gateway by taking a snapshot backup of your volume and storing the snapshot in AWS. You then restore the snapshot to a new volume. Your gateway copies the data from the specified snapshot in AWS to the new volume.
Note
Restoring data from Amazon Elastic Block Store (Amazon EBS) volumes that are encrypted is not supported.
To create a snapshot of a storage volume on Microsoft Windows
1. On your Windows computer, copy some data to your mapped storage volume.
The amount of data copied doesn't matter for this demonstration. A small file is enough to demonstrate the restore process.
2. In the navigation pane of the AWS Storage Gateway console, choose Volumes.
3. Choose the storage volume that you created for the gateway.
This gateway should have only one storage volume. Choosing the volume displays its properties.
4. For Actions, choose Create Snapshot to create a snapshot of the volume.
Depending on the amount of data on the disk and the upload bandwidth, it might take a few seconds to complete the snapshot. Note the volume ID for the volume from which you create a snapshot. You use the ID to find the snapshot.
5. In the Create Snapshot dialog box, provide a description for your snapshot, and then choose Create Snapshot.
Your snapshot is stored as an Amazon EBS snapshot. Take note of your snapshot ID.
The number of snapshots created for your volume is displayed in the snapshot column.
6. For Snapshot, choose the link for the volume you created the snapshot for to see your EBS snapshot on the Amazon EC2 console.
Where Do I Go from Here?
In the preceding sections, you created and provisioned a gateway and then connected your host to the gateway's storage volume. You added data to the gateway's iSCSI volume, took a snapshot of the volume, restored it to a new volume, connected to the new volume, and verified that the data shows up on it.
After you finish the exercise, consider the following:
• If you plan on continuing to use your gateway, read about sizing the upload buffer more appropriately for real-world workloads. For more information, see Sizing Your Volume Gateway's Storage for Real-World Workloads (p. 70).
• If you don't plan on continuing to use your gateway, consider deleting the gateway to avoid incurring any charges. For more information, see Cleaning Up Resources You Don't Need (p. 71).
Other sections of this guide include information about how to do the following:
• To learn more about storage volumes and how to manage them, see Managing Your Gateway (p. 144).
• To troubleshoot gateway problems, see Troubleshooting Your Gateway (p. 316).
• To optimize your gateway, see Optimizing Gateway Performance (p. 287).
• To learn about Storage Gateway metrics and how you can monitor how your gateway performs, see Monitoring Your Gateway and Resources (p. 185).
• To learn more about configuring your gateway's iSCSI targets to store data, see Connecting to Your Volumes to a Windows Client (p. 365).
To learn about sizing your volume gateway's storage for real-world workloads and cleaning up resources you don't need, see the following sections.
Sizing Your Volume Gateway's Storage for Real-World Workloads
By this point, you have a simple, working gateway. However, the assumptions used to create this gateway are not appropriate for real-world workloads. If you want to use this gateway for real-world workloads, you need to do two things:
1. Size your upload buffer appropriately.
2. Set up monitoring for your upload buffer, if you haven't done so already.
Following, you can find how to do both of these tasks. If you activated a gateway for cached volumes, you also need to size your cache storage for real-world workloads.
To size your upload buffer and cache storage for a gateway-cached setup
Use the formula shown in Determining the Size of Upload Buffer to Allocate (p. 221) for sizing the upload buffer. We strongly recommend that you allocate at least 150 GiB for the upload buffer. If the upload buffer formula yields a value less than 150 GiB, use 150 GiB as your allocated upload buffer.
The upload buffer formula takes into account the difference between throughput from your application to your gateway and throughput from your gateway to AWS, multiplied by how long you expect to write data. For example, assume that your applications write text data to your gateway at a rate of 40 MB per second for 12 hours a day and your network throughput is 12 MB per second. Assuming a compression factor of 2:1 for the text data, the formula specifies that you need to allocate approximately 675 GiB of upload buffer space.
To size your upload buffer for a stored setup
Use the formula discussed in Determining the Size of Upload Buffer to Allocate (p. 221). We strongly recommend that you allocate at least 150 GiB for your upload buffer. If the upload buffer formula yields a value less than 150 GiB, use 150 GiB as your allocated upload buffer.
The upload buffer formula takes into account the difference between throughput from your application to your gateway and throughput from your gateway to AWS, multiplied by how long you expect to write data. For example, assume that your applications write text data to your gateway at a rate of 40 MB per second for 12 hours a day and your network throughput is 12 MB per second. Assuming a compression factor of 2:1 for the text data, the formula specifies that you need to allocate approximately 675 GiB of upload buffer space.
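The 675 GiB in the example only results if the network throughput is multiplied by the compression factor before it is subtracted from the application throughput. The arithmetic below is added here for illustration and assumes the formula on p. 221 has that form:

$$
\text{upload buffer} = (\text{application throughput} - \text{network throughput} \times \text{compression factor}) \times \text{duration of writes}
$$

$$
(40 - 12 \times 2)\ \text{MB/s} \times (12 \times 3600)\ \text{s} = 16 \times 43{,}200\ \text{MB} = 691{,}200\ \text{MB} = \frac{691{,}200}{1{,}024}\ \text{GiB} = 675\ \text{GiB}
$$

Because 675 GiB is above the 150 GiB minimum, 675 GiB is the value to allocate.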
To monitor your upload buffer
1. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.
2. Choose the Gateway tab, choose the Details tab, and then find the Upload Buffer Used field to view your gateway's current upload buffer.
3. Set one or more alarms to notify you about upload buffer use.
We highly recommend that you create one or more upload buffer alarms in the Amazon CloudWatch console. For example, you can set an alarm for a level of use you want to be warned about and an alarm for a level of use that, if exceeded, is cause for action. The action might be adding more upload buffer space. For more information, see To set an upper threshold alarm for a gateway's upload buffer (p. 197).
Cleaning Up Resources You Don't Need
If you created your gateway as an example exercise or a test, consider cleaning up to avoid incurring unexpected or unnecessary charges.
To clean up resources you don't need
1. Delete any snapshots. For instructions, see Deleting a Snapshot (p. 163).
2. Unless you plan to continue using the gateway, delete it. For more information, see Deleting Your Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 281).
3. Delete the AWS Storage Gateway VM from your on-premises host. If you created your gateway on an Amazon EC2 instance, terminate the instance.
Backing Up Your Volumes
By using AWS Storage Gateway, you can help protect your on-premises business applications that use Storage Gateway volumes for cloud-backed storage. You can back up your on-premises AWS Storage Gateway volumes using the native snapshot scheduler in Storage Gateway or AWS Backup. In both cases, Storage Gateway volume backups are stored as Amazon EBS snapshots in AWS.
Topics
Using Storage Gateway to Back Up Your Volumes (p. 71)
Using AWS Backup to Back Up Your Volumes (p. 71)
Using Storage Gateway to Back Up Your Volumes
You can use the Storage Gateway Management Console to back up your volumes by taking Amazon EBS snapshots and storing the snapshots in AWS. You can either take an ad hoc (one-time) snapshot or set up a snapshot schedule that is managed by Storage Gateway. You can later restore the snapshot to a new volume by using the Storage Gateway console. For information about how to back up and manage your backup from the Storage Gateway, see the following topics:
Testing Your Gateway (p. 68)
Creating a One-Time Snapshot (p. 162)
Cloning a Volume (p. 157)
Using AWS Backup to Back Up Your Volumes
AWS Backup is a centralized backup service that makes it easy and cost-effective for you to back up your application data across AWS services in both the AWS Cloud and on-premises. Doing this helps you meet your business and regulatory backup compliance requirements. AWS Backup makes protecting your AWS storage volumes, databases, and file systems simple by providing a central place where you can do the following:
• Configure and audit the AWS resources that you want to back up.
• Automate backup scheduling.
• Set retention policies.
• Monitor all recent backup and restore activity.
Because Storage Gateway integrates with AWS Backup, it enables customers to use AWS Backup to back up on-premises business applications that use Storage Gateway volumes for cloud-backed storage. AWS Backup supports backup and restore of both cached and stored volumes. For information about AWS Backup, see What is AWS Backup? in the AWS Backup User Guide.
You can manage Storage Gateway volumes' backup and recovery operations with AWS Backup and avoid the need to create custom scripts or manually manage point-in-time backups. With AWS Backup, you can also monitor your on-premises volume backups alongside your in-cloud AWS resources from a single AWS Backup dashboard. You can use AWS Backup to either create a one-time on-demand backup or define a backup plan that is managed in AWS Backup.
Storage Gateway volume backups taken from AWS Backup are stored in Amazon S3 as Amazon EBS snapshots. You can see the Storage Gateway volume backups from the AWS Backup console or the Amazon EBS console.
You can easily restore Storage Gateway volumes that are managed through AWS Backup to any on-premises gateway or in-cloud gateway. You can also restore such a volume to an Amazon EBS volume that you can use with Amazon EC2 instances.
Benefits of Using AWS Backup to Back Up Storage Gateway Volumes
The benefits of using AWS Backup to back up Storage Gateway volumes are that you can meet compliance requirements, avoid operational burden, and centralize backup management. AWS Backup enables you to do the following:
• Set customizable scheduled backup policies that meet your backup requirements.
• Set backup retention and expiration rules so you no longer need to develop custom scripts or manually manage the point-in-time backups of your volumes.
• Manage and monitor backups across multiple gateways and other AWS resources from a central view.
To use AWS Backup to create backups of your volumes
Note
AWS Backup requires that you choose an AWS Identity and Access Management (IAM) role that AWS Backup consumes. You need to create this role because AWS Backup doesn't create it for you. You also need to create a trust relationship between AWS Backup and this IAM role. For information about how to do this, see Creating a Backup Plan in the AWS Backup User Guide.
1. Open the Storage Gateway console and choose Volumes from the navigation pane at left.
2. For Actions, choose Create on-demand backup with AWS Backup or Create AWS backup plan.
If you want to create an on-demand backup of the Storage Gateway volume, choose Create on-demand backup with AWS Backup. You are directed to the AWS Backup console.
If you want to create a new AWS Backup plan, choose Create AWS backup plan. You are directed to the AWS Backup console.
On the AWS Backup console, you can create a backup plan, assign a Storage Gateway volume to the backup plan, and create a backup. You can also do ongoing backup management tasks.
Finding and Restoring Your Volumes from AWS Backup
You can find and restore your backup Storage Gateway volumes from the AWS Backup console. For more information, see Recovery Points in the AWS Backup User Guide.
To find and restore your volumes
1. Open the AWS Backup console and find the Storage Gateway volume backup that you want to restore. You can restore the Storage Gateway volume backup to an Amazon EBS volume or to a Storage Gateway volume. Choose the appropriate option for your restore requirements.
2. For Restore type, choose to restore a stored or cached Storage Gateway volume and provide the required information:
• For a stored volume, provide the information for Gateway name, Disk ID, and iSCSI target name.
• For a cached volume, provide the information for Gateway name, Capacity, and iSCSI target name.
3. Choose Restore resource to restore your volume.
Note
You can't use the Amazon EBS console to delete a snapshot that is created by AWS Backup.
Creating a Tape Gateway
In this section, you can find instructions about how to create and use a tape gateway.
Topics
Creating a Gateway (p. 75)
Creating Tapes (p. 82)
Using Your Tape Gateway (p. 83)

Creating a Gateway

In this section, you can find instructions about how to download, deploy, and activate a tape gateway.
Topics
Choosing a Gateway Type (p. 75)
Choosing a Host Platform and Downloading the VM (p. 76)
Choosing a Service Endpoint (p. 39)
Connecting to Your Gateway (p. 78)
Activating Your Gateway (p. 79)
Configuring Local Disks (p. 81)
Choosing a Gateway Type
For a tape gateway (p. 6), you store and archive your data on virtual tapes in AWS. A tape gateway eliminates some of the challenges associated with owning and operating an on-premises physical tape infrastructure.
To create a tape gateway
1. Open the AWS Management Console at http://console.www.amazonaws.cn/storagegateway/home, and choose the AWS Region that you want to create your gateway in.
If you have previously created a gateway in this AWS Region, the console shows your gateway. Otherwise, the console home page appears.
2. If you haven't created a gateway in the AWS Region you selected, choose Get started. If you already have a gateway in the AWS Region you selected, choose Gateways from the navigation pane, and then choose Create gateway.
3. On the Select gateway type page, choose Tape gateway, and then choose Next.
Choosing a Host Platform and Downloading the VM
If you create your gateway on-premises, you deploy the hardware appliance, or download and deploy a gateway VM, and then activate the gateway. If you create your gateway on an Amazon EC2 instance, you launch an Amazon Machine Image (AMI) that contains the gateway VM image and then activate the gateway. For information about supported host platforms, see Supported Hypervisors and Host Requirements (p. 20).
Note
You can run only file, cached volume, and tape gateways on an Amazon EC2 instance.
To select a host platform and download the VM
1. On the Select host platform page, choose the virtualization platform that you want to run your gateway on.
2. Choose Download image next to your virtualization platform to download a .zip file that contains the .ova file for your virtualization platform.
Note
The .zip file is over 500 MB in size and might take some time to download, depending on your network connection.
For EC2, you create an instance from the provided AMI.
3. Deploy the downloaded image to your hypervisor. You need to add at least one local disk for your cache and one local disk for your upload buffer during the deployment. A file gateway requires only one local disk for a cache. For information about local disk requirements, see Hardware and Storage Requirements (p. 11).
If you choose VMware, do the following:
• Store your disk in Thick provisioned format. When you use thick provisioning, the disk storage is allocated immediately, resulting in better performance. In contrast, thin provisioning allocates storage on demand. On-demand allocation can affect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick-provisioned format.
• Configure your gateway VM to use paravirtualized disk controllers. For more information, see Configuring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers (p. 346).
If you choose Microsoft Hyper-V, do the following:
• Configure the disk type as Fixed size. When you use fixed-size provisioning, the disk storage is allocated immediately, resulting in better performance. If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.
• When allocating disks, choose virtual hard disk (.vhd) file. Storage Gateway supports the .vhdx file type. By using this file type, you can create larger virtual disks than with other file types. If you create a .vhdx type virtual disk, make sure that the size of the virtual disks that you create doesn't exceed the recommended disk size for your gateway.
For both VMware and Microsoft Hyper-V, synchronizing the VM time with the host time is required for successful gateway activation. Make sure that your host clock is set to the correct time and synchronize it with a Network Time Protocol (NTP) server.
If you choose EC2, do the following:
Launch an Amazon Machine Image (AMI) that contains the gateway VM image, and then activate the gateway. For information about deploying your gateway to an Amazon EC2 host, see Deploying a Volume or Tape Gateway on an Amazon EC2 Host (p. 349).
If you choose the hardware appliance, see Activate Your Hardware Appliance (p. 29).
For information about deploying your gateway to an Amazon EC2 host, see Deploy your gateway to an Amazon EC2 host (p. 349).
Choosing a Service Endpoint
You can activate your gateway using a public endpoint and have your gateway communicate with AWS storage services over the public Internet or activate it using a private VPC endpoint. If you use a VPC endpoint, all communication from your gateway to AWS services occurs through the VPC endpoint in your VPC in AWS.
To choose a service endpoint
1. For Endpoint type you have the following options:
To make your gateway access AWS services over the public Internet, choose Public.
To make your gateway access AWS services through the VPC endpoint in your VPC, choose VPC.
This walkthrough assumes that you are activating your gateway with a public endpoint. For information about how to activate a gateway using a VPC endpoint, see Activating a Gateway in a Virtual Private Cloud (p. 133).
2. Choose Next to connect your gateway and activate your gateway.
Connecting to Your Gateway
To connect to your gateway, the first step is to get the IP address of your gateway VM. You use this IP address to activate your gateway. For gateways deployed and activated on an on-premises host, you can get the IP address from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address from the Amazon EC2 console.
The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.
Make sure that you select the correct gateway type. The .ova files and AMIs for the gateway types are different and are not interchangeable.
To get the IP address for your gateway VM from the local console
1. Log on to your gateway VM local console. For detailed instructions, see the following:
• VMware ESXi—Accessing the Gateway Local Console with VMware ESXi (p. 273).
• Microsoft Hyper-V—Access the Gateway Local Console with Microsoft Hyper-V (p. 274).
2. Get the IP address from the top of the menu page, and make note of it for later use.
To get the IP address from an EC2 instance
1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
2. In the navigation pane, choose Instances, and then choose the EC2 instance.
3. Choose the Description tab at the bottom, and then note the IP address. You use this IP address to activate the gateway.
For activation, you can use the public or private IP address assigned to a gateway. You must be able to reach the IP address that you use from the browser from which you perform the activation. In this walkthrough, we use the public IP address to activate the gateway.
To associate your gateway with your AWS account
1. If the Connect to gateway page isn't already open, open the console and navigate to that page.
2. Type the IP address of your gateway for IP address, and then choose Connect gateway.
For detailed information about how to get a gateway IP address, see Connecting to Your Gateway (p. 391).
Activating Your Gateway
When your gateway VM is deployed and running, you can configure your gateway settings and activate your gateway. If activation fails, check that the IP address you entered is correct. If the IP address is correct, confirm that your network is configured to let your browser access the gateway VM. For more information on troubleshooting, see Troubleshooting On-Premises Gateway Issues (p. 316) or Troubleshooting Amazon EC2 Gateway Issues (p. 323).
To configure your gateway settings
The gateway type, endpoint type, and AWS Region you selected are shown on the activation page.
1. Type the information listed on the activation page to configure your gateway settings and complete the activation process.
The following screenshot shows the activation page for tape gateways.
AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be the same as the Region where your VPC Endpoint is located.
Gateway time zone specifies the time zone to use for your gateway.
Gateway name identifies your gateway. You use this name to manage your gateway in the console; you can change it after the gateway is activated. This name must be unique to your account.
Backup application specifies the backup application you want to use. Storage Gateway automatically chooses a compatible medium changer for your backup application. If your backup application is not listed, choose Other and choose a medium changer type.
Medium changer type specifies the type of medium changer to use for your backup application.
The type of medium changer you choose depends on the backup application you plan to use. The following table lists third-party backup applications that have been tested and found to be compatible with tape gateways. This table includes the medium changer type recommended for each backup application.
Backup Application                                                 Medium Changer Type
Arcserve Backup                                                    AWS-Gateway-VTL
Bacula Enterprise V10.x                                            AWS-Gateway-VTL or STK-L700
Commvault V11                                                      STK-L700
Dell EMC NetWorker V8.x or V9.x                                    AWS-Gateway-VTL
IBM Spectrum Protect v7.x                                          IBM-03584L32-0402
Micro Focus (HPE) Data Protector 9.x                               AWS-Gateway-VTL
Microsoft System Center 2012 R2 or 2016 Data Protection Manager    STK-L700
NovaStor DataCenter/Network 6.4 or 7.1                             STK-L700
Quest NetVault Backup 10.0 or 11.x or 12.x                         STK-L700
Veeam Backup & Replication V7 or V8                                STK-L700
Veeam Backup & Replication V9 Update 2 or later                    AWS-Gateway-VTL
Veritas Backup Exec 2014 or 15 or 16 or 20.x                       AWS-Gateway-VTL
Veritas Backup Exec 2012                                           STK-L700
Veritas NetBackup Version 7.x or 8.x                               AWS-Gateway-VTL
Note
Veritas has ended support for Backup Exec 2012. For more information, see End of Support for Prior Backup Exec Versions.
Important
We highly recommend that you choose the medium changer that's listed for your backup application. Other medium changers might not function properly. You can choose a different medium changer after the gateway is activated. For more information, see Selecting a Medium Changer After Gateway Activation (p. 358).
Tape drive type specifies the type of tape drive used by this gateway.
2. Choose Activate gateway.
When the gateway is successfully activated, the AWS Storage Gateway console displays the Configure local storage page.
If activation is not successful, see Troubleshooting Your Gateway (p. 316) for possible solutions.
Configuring Local Disks
When you deployed the VM, you allocated local disks for your gateway. Now you configure your gateway to use these disks.
Note
If you allocate local disks on a VMware host, make sure to configure the disks to use paravirtualized disk controllers. When adding a cache or upload buffer to an existing gateway, make sure to create new disks in your host (hypervisor or Amazon EC2 instance). Don't change the size of existing disks if the disks have been previously allocated as either a cache or upload buffer.
To configure local disks
1. On the Configure local disks page, identify the disks you allocated and decide which ones you want to use for an upload buffer and cached storage. For information about disk size limits, see Recommended Local Disk Sizes For Your Gateway (p. 397).
2. In the Allocation column next to your upload buffer disk, choose Upload Buffer.
3. Choose Cache for the disk you want to configure as cache storage.
If you don't see your disks, choose Refresh.
4. Choose Save and continue to save your configuration settings.
Next Step
Creating Tapes (p. 82)
Creating Tapes
Note
You are charged only for the amount of data you write to the tape, not the tape capacity. You can use AWS Key Management Service (AWS KMS) to encrypt data written to a virtual tape that is stored in Amazon S3. Currently, you can do this by using the AWS Storage Gateway API Reference. For more information, see CreateTapes or create-tapes.
To create virtual tapes
1. In the navigation pane, choose the Gateways tab.
2. Choose Create tapes to open the Create tapes dialog box.
3. For Gateway, choose a gateway. The tape is created for this gateway.
4. For Number of tapes, choose the number of tapes you want to create. For more information about tape limits, see AWS Storage Gateway Limits (p. 395).
5. For Capacity, type the size of the virtual tape you want to create. Tapes must be larger than 100 GiB. For information about capacity limits, see AWS Storage Gateway Limits (p. 395).
6. For Barcode prefix, type the prefix you want to prepend to the barcode of your virtual tapes.
Note
Virtual tapes are uniquely identified by a barcode. You can add a prefix to the barcode. The prefix is optional, but you can use it to help identify your virtual tapes. The prefix must be uppercase letters (A–Z) and must be one to four characters long.
7. For Pool, choose Glacier Pool or Deep Archive Pool. This pool represents the storage class in which your tape will be stored when it is ejected by your backup software.
Choose Glacier Pool if you want to archive the tape in GLACIER. When your backup software ejects the tape, it is automatically archived in GLACIER. You use Glacier for more active archives where you can retrieve the tapes in 3-5 hours. For detailed information, see Storage Classes for Archiving Objects.
Choose Deep Archive Pool if you want to archive the tape in DEEP_ARCHIVE. When your backup software ejects the tape, the tape is automatically archived in DEEP_ARCHIVE. You use DEEP_ARCHIVE for long-term data retention and digital preservation where data is accessed once or twice a year. You can retrieve tapes archived in DEEP_ARCHIVE within 12 hours. For detailed information, see Storage Classes for Archiving Objects.
If you archive a tape in GLACIER, you can move it to DEEP_ARCHIVE later. For more information, see Moving Your Tape from Glacier to Deep Archive Storage Class (p. 180).
Note
Tapes created before March 27, 2019, are archived directly in Amazon S3 Glacier when your backup software ejects them.
8. Choose Create tapes.
9. In the navigation pane, choose the Tape Library tab and choose Tapes to see your tapes.
The status of the virtual tapes is initially set to CREATING when the virtual tapes are being created. After the tapes are created, their status changes to AVAILABLE. For more information, see Managing Your Tape Gateway (p. 178).
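The Note at the start of this topic says that AWS KMS encryption for tape data is set through the API (CreateTapes or create-tapes) rather than the console. The following script is an added example, not part of the AWS guide: it checks the barcode prefix, capacity, and pool rules stated above and prints the matching AWS CLI call for review. The ARNs and client token are constructed placeholders, and requiring a full key ARN is this example's own choice.

```sh
#!/bin/sh
# Added example: validate tape parameters against the limits stated in this
# topic, then print an `aws storagegateway create-tapes` call with KMS
# encryption enabled. Nothing is sent to AWS; the command is only printed.
LC_ALL=C; export LC_ALL      # make the A-Z and 0-9 ranges byte-exact
GIB=1073741824               # bytes per GiB

# valid_barcode_prefix PREFIX -> 0 if PREFIX is one to four letters A-Z
valid_barcode_prefix() {
    case "$1" in
        ''|*[!A-Z]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ]
}

# is_pos_int VALUE -> 0 if VALUE is a positive decimal integer (max 6 digits)
is_pos_int() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 6 ]
}

# tape_size_bytes SIZE_GIB -> prints the size in bytes (always a whole number
# of GiB); fails unless SIZE_GIB is larger than 100, as this topic requires.
tape_size_bytes() {
    is_pos_int "$1" || return 1
    [ "$1" -gt 100 ] || return 1
    echo $(( $1 * $GIB ))
}

# build_create_tapes GATEWAY_ARN KMS_KEY_ARN COUNT SIZE_GIB PREFIX POOL TOKEN
build_create_tapes() {
    gw=$1 key=$2 count=$3 size_gib=$4 prefix=$5 pool=$6 token=$7
    case "$gw" in
        arn:aws*:storagegateway:*:gateway/sgw-*) ;;
        *) echo "not a gateway ARN: $gw" >&2; return 1 ;;
    esac
    case "$key" in
        arn:aws*:kms:*:key/*) ;;   # example policy: full key ARN only
        *) echo "not a KMS key ARN: $key" >&2; return 1 ;;
    esac
    is_pos_int "$count" || { echo "bad tape count: $count" >&2; return 1; }
    valid_barcode_prefix "$prefix" || { echo "bad barcode prefix: $prefix" >&2; return 1; }
    bytes=$(tape_size_bytes "$size_gib") || { echo "bad capacity: $size_gib GiB" >&2; return 1; }
    case "$pool" in
        GLACIER|DEEP_ARCHIVE) ;;
        *) echo "bad pool: $pool" >&2; return 1 ;;
    esac
    echo "aws storagegateway create-tapes" \
         "--gateway-arn $gw" \
         "--tape-size-in-bytes $bytes" \
         "--num-tapes-to-create $count" \
         "--tape-barcode-prefix $prefix" \
         "--pool-id $pool" \
         "--client-token $token" \
         "--kms-encrypted --kms-key $key"
}

# Demo with constructed placeholder values (not real resources).
build_create_tapes \
    "arn:aws:storagegateway:us-east-1:111122223333:gateway/sgw-EXAMPLE" \
    "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID" \
    2 150 BKUP GLACIER tapes-example-0001
```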
Next Step
Using Your Tape Gateway (p. 83)
Using Your Tape Gateway
Following, you can find instructions about how to use your tape gateway.
Topics
Connecting Your VTL Devices (p. 84)
Using Your Backup Software to Test Your Gateway Setup (p. 86)
Where Do I Go from Here? (p. 133)
Connecting Your VTL Devices
Following, you can find instructions about how to connect your virtual tape library (VTL) devices to your Microsoft Windows or Red Hat Enterprise Linux (RHEL) client.
Topics
Connecting to a Microsoft Windows Client (p. 84)
Connecting to a Linux Client (p. 85)
Connecting to a Microsoft Windows Client
The following procedure shows a summary of the steps that you follow to connect to a Windows client.
To connect your VTL devices to a Windows client
1. Start iscsicpl.exe.
Note
You must have administrator rights on the client computer to run the iSCSI initiator.
2. Start the Microsoft iSCSI initiator service.
3. In the iSCSI Initiator Properties dialog box, choose the Discovery tab, and then choose the Discover Portal button.
4. Provide the IP address of your tape gateway for IP address or DNS name.
5. Choose the Targets tab, and then choose Refresh. All 10 tape drives and the medium changer appear in the Discovered targets box. The status for the targets is Inactive.
6. Choose the first device and connect it. You connect the devices one at a time.
7. Connect all of the targets.
On a Windows client, the driver provider for the tape drive must be Microsoft. Use the following procedure to verify the driver provider, and update the driver and provider if necessary:
To verify and update the driver and provider
1. On your Windows client, start Device Manager.
2. Expand Tape drives, open the context (right-click) menu for a tape drive, and choose Properties.
3. In the Driver tab of the Device Properties dialog box, verify Driver Provider is Microsoft.
4. If Driver Provider is not Microsoft, set the value as follows:
a. Choose Update Driver.
b. In the Update Driver Software dialog box, choose Browse my computer for driver software.
c. In the Update Driver Software dialog box, choose Let me pick from a list of device drivers on my computer.
d. Choose LTO Tape drive and choose Next.
5. Choose Close to close the Update Driver Software window, and verify that the Driver Provider value is now set to Microsoft.
6. Repeat the steps to update driver and provider for all the tape drives.
Connecting to a Linux Client
The following procedure shows a summary of the steps that you follow to connect to an RHEL client.
To connect a Linux client to VTL devices
1. Install the iscsi-initiator-utils RPM package.
You can use the following command to install the package.
sudo yum install iscsi-initiator-utils
2. Make sure that the iSCSI daemon is running.
For RHEL 5 or 6, use the following command.
sudo /etc/init.d/iscsi status
For RHEL 7, use the following command.
sudo service iscsid status
3. Discover the volume or VTL device targets defined for a gateway. Use the following discovery command.
sudo /sbin/iscsiadm --mode discovery --type sendtargets --portal [GATEWAY_IP]:3260
The output of the discovery command looks like the following example output.
For volume gateways: [GATEWAY_IP]:3260, 1 iqn.1997-05.com.amazon:myvolume
For tape gateways: iqn.1997-05.com.amazon:[GATEWAY_IP]-tapedrive-01
4. Connect to a target.
Make sure to specify the correct [GATEWAY_IP] and IQN in the connect command.
Use the following command.
sudo /sbin/iscsiadm --mode node --targetname iqn.1997-05.com.amazon:[ISCSI_TARGET_NAME] --portal [GATEWAY_IP]:3260,1 --login
5. Verify that the volume is attached to the client machine (the initiator). To do so, use the following command.
ls -l /dev/disk/by-path
The output of the command should look like the following example output.
lrwxrwxrwx. 1 root root 9 Apr 16 19:31 ip-[GATEWAY_IP]:3260-iscsi-iqn.1997-05.com.amazon:myvolume-lun-0 -> ../../sda
We highly recommend that after you set up your initiator you customize your iSCSI settings as discussed in Customizing Your Linux iSCSI Settings (p. 376).
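The discovery and login steps above have to be repeated for every target a tape gateway exposes. The following script is an added example, not part of the AWS guide: it parses the discovery output, keeps only records whose portal and IQN prefix match the expected gateway, and prints one login command per target for review. It assumes an IPv4 gateway address; 203.0.113.10, the sgw-example names, and the -mediachanger suffix are constructed sample values.

```sh
#!/bin/sh
# Added example: turn `iscsiadm --mode discovery --type sendtargets` output
# into login commands, accepting only targets of the expected gateway.
LC_ALL=C; export LC_ALL                 # byte-exact character ranges
IQN_PREFIX="iqn.1997-05.com.amazon:"    # prefix shown in the guide's output

# gateway_targets GATEWAY_IP
# Reads discovery output on stdin. Prints the IQN of each record whose portal
# is GATEWAY_IP:3260 and whose name starts with IQN_PREFIX and contains only
# IQN-safe characters. Every other record is reported on stderr and dropped.
gateway_targets() {
    want_portal="$1:3260"
    while read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        portal=${line%%,*}      # text before the first comma: IP:port
        iqn=${line##* }         # last whitespace-separated field
        if [ "$portal" = "$want_portal" ]; then
            case "$iqn" in
                *[!A-Za-z0-9.:-]*) ;;                    # unexpected characters
                "$IQN_PREFIX"?*) echo "$iqn"; continue ;;
            esac
        fi
        echo "skipping unexpected record: $line" >&2
    done
}

# login_commands GATEWAY_IP
# Prints the step 4 login command for each accepted target.
login_commands() {
    gateway_targets "$1" | while read -r iqn; do
        echo "sudo /sbin/iscsiadm --mode node --targetname $iqn --portal $1:3260,1 --login"
    done
}

# count_tape_drives GATEWAY_IP -> number of accepted *-tapedrive-NN targets
count_tape_drives() {
    gateway_targets "$1" 2>/dev/null | grep -c -- '-tapedrive-[0-9][0-9]*$' || true
}

# Constructed sample discovery output. The first record uses the "3260, 1"
# spacing printed in the guide; the last two are deliberately wrong
# (a different portal, and an IQN outside the expected prefix).
sample_discovery() {
    echo "203.0.113.10:3260, 1 iqn.1997-05.com.amazon:sgw-example-mediachanger"
    for n in 01 02 03 04 05 06 07 08 09 10; do
        echo "203.0.113.10:3260,1 iqn.1997-05.com.amazon:sgw-example-tapedrive-$n"
    done
    echo "198.51.100.7:3260,1 iqn.1997-05.com.amazon:sgw-example-tapedrive-01"
    echo "203.0.113.10:3260,1 iqn.2000-01.example:other-target"
}

# Demo on the constructed sample. Against a real gateway, pipe the discovery
# command from step 3 into login_commands instead of sample_discovery.
sample_discovery | login_commands 203.0.113.10
echo "tape drives accepted: $(sample_discovery | count_tape_drives 203.0.113.10)"
```

A tape gateway should yield 10 tape drive targets plus the medium changer, so a different count is a reason to stop before logging in.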
Next Step
Using Your Backup Software to Test Your Gateway Setup (p. 86)
Using Your Backup Software to Test Your Gateway Setup
You test your tape gateway setup by performing the following tasks using your backup application:
1. Configure the backup application to detect your storage devices.
Note
To improve I/O performance, we recommend setting the block size of the tape drives in your backup application to 1 MB. For more information, see Use a Larger Block Size for Tape Drives (p. 288).
2. Back up data to a tape.
3. Archive the tape.
4. Retrieve the tape from the archive.
5. Restore data from the tape.
To test your setup, use a compatible backup application, as described following.
Note
Unless otherwise stated, all backup applications were qualified on Microsoft Windows.
Topics
Testing Your Setup by Using Arcserve Backup r17.0 (p. 86)
Testing Your Setup by Using Bacula Enterprise (p. 89)
Testing Your Setup by Using Commvault (p. 91)
Testing Your Setup by Using Dell EMC NetWorker (p. 95)
Testing Your Setup by Using IBM Spectrum Protect (p. 97)
Testing Your Setup by Using Micro Focus (HPE) Data Protector (p. 99)
Testing Your Setup by Using Microsoft System Center Data Protection Manager (p. 104)
Testing Your Setup by Using NovaStor DataCenter/Network (p. 107)
Testing Your Setup by Using Quest NetVault Backup (p. 112)
Testing Your Setup by Using Veeam Backup & Replication (p. 115)
Testing Your Setup by Using Veritas Backup Exec (p. 118)
Testing Your Setup by Using Veritas NetBackup (p. 122)
For more information about compatible backup applications, see Supported Third-Party Backup Applications for a Tape Gateway (p. 22).
Testing Your Setup by Using Arcserve Backup r17.0
You can back up your data to virtual tapes, archive the tapes, and manage your virtual tape library (VTL) devices by using Arcserve Backup r17.0. In this topic, you can find basic documentation to configure Arcserve Backup with a tape gateway and perform a backup and restore operation. For detailed information about how to use Arcserve Backup r17.0, see Arcserve Backup r17 documentation in the Arcserve Administration Guide.
The following screenshot shows the Arcserve menus.
Topics
Configuring Arcserve to Work with VTL Devices (p. 87)
Loading Tapes into a Media Pool (p. 87)
Backing Up Data to a Tape (p. 88)
Archiving a Tape (p. 88)
Restoring Data from a Tape (p. 88)
Configuring Arcserve to Work with VTL Devices
After you have connected your virtual tape library (VTL) devices to your client, you scan for your devices.
To scan for VTL devices
1. In the Arcserve Backup Manager, choose the Utilities menu.
2. Choose Media Assure and Scan.
Loading Tapes into a Media Pool
When the Arcserve software connects to your gateway and your tapes become available, Arcserve automatically loads your tapes. If your gateway is not found in the Arcserve software, try restarting the tape engine in Arcserve.
To restart the tape engine
1. Choose Quick Start, choose Administration, and then choose Device.
2. On the navigation menu, open the context (right-click) menu for your gateway and choose an import/export slot.
3. Choose Quick Import and assign your tape to an empty slot.
4. Open the context (right-click) menu for your gateway and choose Inventory/Offline Slots.
5. Choose Quick Inventory to retrieve media information from the database.
If you add a new tape, you need to scan your gateway for the new tape to have it appear in Arcserve. If the new tapes don't appear, you must import the tapes.
To import tapes
1. Choose the Quick Start menu, choose Back up, and then choose the Destination tab.
2. Choose your gateway, open the context (right-click) menu for one tape, and then choose Import/Export Slot.
3. Open the context (right-click) menu for each new tape and choose Inventory.
4. Open the context (right-click) menu for each new tape and choose Format.
Each tape's barcode now appears in your Storage Gateway console, and each tape is ready to use.
Backing Up Data to a Tape
When your tapes have been loaded into Arcserve, you can back up data. The backup process is the same as backing up physical tapes.
To back up data to a tape
1. From the Quick Start menu, open the restore a backup session.
2. Choose the Source tab, and then choose the file system or database system that you want to back up.
3. Choose the Schedule tab and choose the repeat method you want to use.
4. Choose the Destination tab and then choose the tape you want to use. If the data you are backing up is larger than the tape can hold, Arcserve prompts you to mount a new tape.
5. Choose Submit to back up your data.
Archiving a Tape
When you archive a tape, your tape gateway moves the tape from the tape library to the offline storage. Before you eject and archive a tape, you might want to check the content on it.
To archive a tape
1. From the Quick Start menu, open the restore a backup session.
2. Choose the Source tab, and then choose the file system or database system you want to back up.
3. Choose the Schedule tab and choose the repeat method you want to use.
4. Choose your gateway, open the context (right-click) menu for one tape, and then choose Import/Export Slot.
5. Assign a mail slot to load the tape. The status in the Storage Gateway console changes to Archive. The archive process might take some time.
The archiving process can take some time to complete. The initial status of the tape appears as IN TRANSIT TO VTS. When archiving starts, the status changes to ARCHIVING. When archiving is completed, the tape is no longer listed in the VTL but is archived in S3 Glacier or S3 Glacier Deep Archive.
Restoring Data from a Tape
Restoring your archived data is a two-step process.
To restore data from an archived tape
1. Retrieve the archived tape to a tape gateway. For instructions, see Retrieving Archived Tapes (p. 181).
2. Use Arcserve to restore the data. This process is the same as restoring data from physical tapes. For instructions, see the Arcserve Backup r17 documentation.
To restore data from a tape, use the following procedure.
To restore data from a tape
1. From the Quick Start menu, open the restore a restore session.
2. Choose the Source tab, and then choose the file system or database system you want to restore.
3. Choose the Destination tab and accept the default settings.
4. Choose the Schedule tab, choose the repeat method that you want to use, and then choose Submit.
Next Step
Cleaning Up Resources You Don't Need (p. 133)
Testing Your Setup by Using Bacula Enterprise
You can back up your data to virtual tapes, archive the tapes, and manage your virtual tape library (VTL) devices by using Bacula Enterprise version 10. In this topic, you can find basic documentation on how to configure the Bacula version 10 backup application for a tape gateway and perform backup and restore operations. For detailed information about how to use Bacula version 10, see Bacula Systems Manuals and Documentation or contact Bacula Systems.
Note
Bacula is only supported on Linux.
Setting Up Bacula Enterprise
After you have connected your virtual tape library (VTL) devices to your Linux client, you configure the Bacula software to recognize your devices. For information about how to connect VTL devices to your client, see Connecting Your VTL Devices (p. 84).
To set up Bacula
1. Get a licensed copy of the Bacula Enterprise backup software from Bacula Systems.
2. Install the Bacula Enterprise software on your on-premises or in-cloud computer.
For information about how to get the installation software, see Enterprise Backup for Amazon S3 and AWS Storage Gateway. For additional installation guidance, see the Bacula whitepaper Using Cloud Services and Object Storage with Bacula Enterprise Edition.
Configuring Bacula to Work with VTL Devices
Next, configure Bacula to work with your VTL devices. Following, you can find basic configuration steps.
To configure Bacula
1. Install the Bacula Director and the Bacula Storage daemon. For instructions, see chapter 7 of the Using Cloud Services and Object Storage with Bacula Enterprise Edition Bacula white paper.
2. Connect to the system that is running Bacula Director and configure the iSCSI initiator. To do so, use the script provided in step 7.4 in the Using Cloud Services and Object Storage with Bacula Enterprise Edition Bacula whitepaper.
3. Configure the storage devices. Use the script provided in the Bacula whitepaper discussed preceding.
4. Configure the local Bacula Director, add storage targets, and define media pools for your tapes. Use the script provided in the Bacula whitepaper discussed preceding.
Backing Up Data to Tape
1. Create tapes in the Storage Gateway console. For information on how to create tapes, see Creating Tapes (p. 82).
2. Transfer tapes from the I/E slot to the storage slot by using the following command.
/opt/bacula/scripts/mtx-changer
For example, the following command transfers tapes from I/E slot 1601 to storage slot 1.
/opt/bacula/scripts/mtx-changer transfer 1601 1
3. Launch the Bacula console by using the following command.
/opt/bacula/bin/bconsole
Note
When you create and transfer a tape to Bacula, use the Bacula console (bconsole) command update slots storage=VTL so that Bacula knows about the new tapes that you created.
4. Label the tape with the barcode as the volume name or label by using the following bconsole command.
label storage=VTL pool=pool.VTL barcodes
5. Mount the tape by using the following command.
mount storage=VTL slot=1 drive=0
6. Create a backup job that uses the media pools you created, and then write data to the virtual tape by using the same procedures that you do with physical tapes.
7. Unmount the tape from the Bacula console by using the following command.
umount storage=VTL slot=1 drive=0
Archiving a Tape
When all backup jobs for a particular tape are done and you can archive the tape, use the mtx-changer script to move the tape from the storage slot to the I/E slot. This action is similar to the eject action in other backup applications.
To archive a tape
1. Transfer the tape from the storage slot to the I/E slot by using the /opt/bacula/scripts/mtx-changer command.
For example, the following command transfers a tape from the storage slot 1 to I/E slot 1601.
/opt/bacula/scripts/mtx-changer transfer 1 1601
2. Verify that the tape is archived in the offline storage (GLACIER or DEEP_ARCHIVE) and that the tape has the status Archived.
Restoring Data from an Archived and Retrieved Tape
Restoring your archived data is a two-step process.
To restore data from an archived tape
1. Retrieve the archived tape from archive to a tape gateway. For instructions, see Retrieving Archived Tapes (p. 181).
2. Restore your data by using the Bacula software:
a. Import the tapes into the storage slot by using the /opt/bacula/scripts/mtx-changer command to transfer tapes from the I/E slot.
For example, the following command transfers tapes from I/E slot 1601 to storage slot 1.
/opt/bacula/scripts/mtx-changer transfer 1601 1
b. Use the Bacula console to update the slots, and then mount the tape.
c. Run the restore command to restore your data. For instructions, see the Bacula documentation.
Testing Your Setup by Using Commvault
You can back up your data to virtual tapes, archive the tapes, and manage your virtual tape library (VTL) devices by using Commvault version 11. In this topic, you can find basic documentation on how to configure the Commvault backup application for a tape gateway, perform a backup archive, and retrieve your data from archived tapes. For detailed information about how to use Commvault, see the Commvault documentation on the Commvault website.
Topics
Configuring Commvault to Work with VTL Devices (p. 91)
Creating a Storage Policy and a Subclient (p. 92)
Backing Up Data to a Tape in Commvault (p. 93)
Archiving a Tape in Commvault (p. 93)
Restoring Data from a Tape (p. 94)
Configuring Commvault to Work with VTL Devices
After you connect the VTL devices to the Windows client, you configure Commvault to recognize them. For information about how to connect VTL devices to the Windows client, see Connecting Your VTL Devices to a Windows client (p. 368).
The Commvault backup application doesn't automatically recognize VTL devices. You must manually add devices to expose them to the Commvault backup application and then discover the devices.
To configure Commvault
1. In the CommCell console main menu, choose Storage, and then choose Expert Storage Configuration to open the Select MediaAgents dialog box.
2. Choose the available media agent you want to use, choose Add, and then choose OK.
3. In the Expert Storage Configuration dialog box, choose Start, and then choose Detect/Configure Devices.
4. Leave the Device Type options selected, choose Exhaustive Detection, and then choose OK.
5. In the Confirm Exhaustive Detection confirmation box, choose Yes.
6. In the Device Selection dialog box, choose your library and all its drives, and then choose OK. Wait for your devices to be detected, and then choose Close to close the log report.
7. Right-click your library, choose Configure, and then choose Yes. Close the configuration dialog box.
8. In the Does this library have a barcode reader? dialog box, choose Yes, and then for device type, choose IBM ULTRIUM V5.
9. In the CommCell browser, choose Storage Resources, and then choose Libraries to see your tape library.
10. To see your tapes in your library, open the context (right-click) menu for your library, and then choose Discover Media, Media location, Media Library.
11. To mount your tapes, open the context (right-click) menu for your media, and then choose Load.
Creating a Storage Policy and a Subclient
Every backup and restore job is associated with a storage policy and a subclient policy.
A storage policy maps the original location of the data to your media.
To create a storage policy
1. In the CommCell browser, choose Policies.
2. Open the context (right-click) menu for Storage Policies, and then choose New Storage Policy.
3. In the Create Storage Policy wizard, choose Data Protection and Archiving, and then choose Next.
4. Type a name for Storage Policy Name, and then choose Incremental Storage Policy. To associate this storage policy with incremental loads, choose one of the options. Otherwise, leave the options unchecked, and then choose Next.
5. In the Do you want to Use Global Deduplication Policy? dialog box, choose your Deduplication preference, and then choose Next.
6. From Library for Primary Copy, choose your VTL library, and then choose Next.
7. Verify that your media agent settings are correct, and then choose Next.
8. Verify that your scratch pool settings are correct, and then choose Next.
9. Configure your retention policies in iData Agent Backup data, and then choose Next.
10. Review the encryption settings, and then choose Next.
11. To see your storage policy, choose Storage Policies.
You create a subclient policy and associate it with your storage policy. A subclient policy enables you to configure similar file system clients from a central template, so that you don't have to set up many similar file systems manually.
To create a subclient policy
1. In the CommCell browser, choose Client Computers, and then choose your client computer. Choose File System, and then choose defaultBackupSet.
2. Right-click defaultBackupSet, choose All Tasks, and then choose New Subclient.
3. In the Subclient properties box, type a name in SubClient Name, and then choose OK.
4. Choose Browse, navigate to the files that you want to back up, choose Add, and then close the dialog box.
5. In the Subclient property box, choose the Storage Device tab, choose a storage policy from Storage policy, and then choose OK.
6. In the Backup Schedule window that appears, associate the new subclient with a backup schedule.
7. Choose Do Not Schedule for one time or on-demand backups, and then choose OK.
You should now see your subclient in the defaultBackupSet tab.
Backing Up Data to a Tape in Commvault
You create a backup job and write data to a virtual tape by using the same procedures you use with physical tapes. For detailed information about how to back up data, see the Commvault documentation.
Archiving a Tape in Commvault
You start the archiving process by ejecting the tape. When you archive a tape, tape gateway moves the tape from the tape library to offline storage. Before you eject and archive a tape, you might want to first check the content on the tape.
To archive a tape
1. In the CommCell browser, choose Storage Resources, Libraries, and then choose Your library. Choose Media By Location, and then choose Media In Library.
2. Open the context (right-click) menu for the tape you want to archive, choose All Tasks, choose Export, and then choose OK.
The archiving process can take some time to complete. The initial status of the tape appears as IN TRANSIT TO VTS. When archiving starts, the status changes to ARCHIVING. When archiving is completed, the tape is no longer listed in the VTL.
In the Commvault software, verify that the tape is no longer in the storage slot.