AWS Storage Gateway User Guide

Table of Contents
What Is AWS Storage Gateway? (p. 1)
Are You a First-Time AWS Storage Gateway User? (p. 2)
How AWS Storage Gateway Works (p. 2)
File Gateways (p. 3)
Volume Gateways (p. 3)
Tape Gateways
Using Amazon CloudWatch Metrics (p. 213)
Measuring Performance Between Your Tape Gateway and AWS (p. 213)
Logging Storage Gateway API Calls with AWS CloudTrail (p. 215)
Storage Gateway Information in CloudTrail (p. 216)
Understanding Storage Gateway Log File Entries (p. 216)
Maintaining Your Gateway
Configuring Network Adapters for Your Gateway (p. 275)
Deleting Your Gateway and Removing Resources (p. 281)
Deleting Your Gateway by Using the AWS Storage Gateway Console (p. 282)
Removing Resources from a Gateway Deployed On-Premises (p. 282)
Removing Resources from a Gateway Deployed on an Amazon EC2 Instance (p. 284)
Performance
Recovering Your Data From An Inaccessible Data Center (p. 341)
Additional Resources (p. 343)
Host Setup (p. 343)
Configuring VMware for Storage Gateway (p. 343)
Synchronizing Your Gateway VM Time (p. 348)
Volume or Tape Gateway on Amazon EC2 Host (p. 349)
File Gateway on EC2 Host
Configuring CHAP Authentication (p. 377)
Using AWS Direct Connect with Storage Gateway (p. 386)
Port Requirements (p. 386)
Connecting to Your Gateway (p. 391)
Getting an IP Address from an Amazon EC2 Host (p. 391)
Understanding Resources and Resource IDs
AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure. You can use the service to store data in the AWS Cloud for scalable and cost-effective storage that helps maintain data security.
You can run AWS Storage Gateway either on-premises as a VM appliance, as a hardware appliance, or in AWS as an Amazon Elastic Compute Cloud (Amazon EC2) instance. You deploy your gateway on an EC2 instance to provision iSCSI storage volumes in AWS.
CloudWatch metrics provide insight into resource use on the VM and data transfer to and from AWS. CloudTrail tracks all API calls. With file gateway storage, you can do such tasks as ingesting cloud workloads to S3, performing backup and archive, tiering and migrating storage data to the AWS Cloud.
Amazon S3. The following diagram provides an overview of the cached volumes deployment. After you install the Storage Gateway software appliance—the VM—on a host in your data center and activate it, you use the AWS Management Console to provision storage volumes backed by Amazon S3.
The following diagram provides an overview of the stored volumes deployment. After you install the AWS Storage Gateway software appliance—the VM—on a host in your data center and activate it, you can create gateway storage volumes. You then map them to on-premises direct-attached storage (DAS) or storage area network (SAN) disks.
Storage Gateway console or programmatically by using the Storage Gateway API. Each gateway can contain up to 1500 tapes or up to 1 PiB of total tape data at a time. The size of each virtual tape, which you can configure when you create the tape, is between 100 GiB and 2.5 TiB.
• Retrieving tapes – You can't read archived tapes directly. To read an archived tape, you must first retrieve it to your tape gateway either by using the Storage Gateway console or by using the Storage Gateway API. When you retrieve a tape that is archived in GLACIER, it becomes available in your VTL in about three to five hours after you start retrieval.
For an architectural overview, see Tape Gateways (p. 2. Hosting option – You can run Storage Gateway either on-premises as a VM appliance, as a hardware appliance, or in AWS as an Amazon EC2 instance. For more information, see Requirements (p.
Plan Your Gateway Deployment
the gateway behind a firewall, make sure that ports are accessible to the gateway VM. For more information, see Requirements (p. 10). 2. For a tape gateway, you have installed client backup software. For more information, see Supported Third-Party Backup Applications for a Tape Gateway (p.
In this section, you can find instructions about how to get started with AWS Storage Gateway. To get started, you first sign up for AWS. If you are a first-time user, we recommend that you read the regions and requirements section.
S3 can be lost. Before you stop the instance that hosts the gateway, make sure the CachePercentDirty CloudWatch metric is 0. For more information about monitoring metrics for your storage gateway, see storage gateway metrics dimensions.
Network and Firewall Requirements
If you have more than 5 million objects in your Amazon S3 bucket and you are using a General Purpose SSD volume, a minimum root EBS volume of 350 GiB is needed for acceptable performance of your gateway during startup.
In these cases, your gateway might experience service connectivity issues when the AWS IP range values change. The AWS IP address range values that you need to use are in the Amazon service subset for the AWS Region that you activate your gateway in. For the current IP...
Protocol Port Direction Source Destination How Used Gateway appliance. AWS Storage Gateway does not require port 80 to be publicly accessible. The required level of access to port 80 depends on your network configuration.
AWS-managed Microsoft Active Directory in the AWS Cloud. For most AWS-managed Active Directory deployments, you need to configure the Dynamic Host Configuration Protocol (DHCP) service for your VPC. For more information about how to create a DHCP options set, see here.
Protocol: TCP/UDP; Port: 2049 (NFS); Direction: Inbound; Source: NFS Clients; Destination: Storage Gateway; How Used: For local systems to connect to NFS shares that your gateway exposes. TCP/UDP 111 (NFSv3) Inbound...
Networking and Firewall Requirements for the AWS Storage Gateway Hardware Appliance Each AWS Storage Gateway Hardware Appliance requires the following network services: • Internet access – an always-on network connection to the internet through any network interface on the server.
You can use the iDRAC port for remote server management. A hardware appliance requires the following ports to operate. Protocol Port Direction Source Destination How Used Outbound Hardware Support 54.201.223.107 appliance...
Allowing AWS Storage Gateway Access Through Firewalls and Routers Your gateway requires access to the following endpoints to communicate with AWS. If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to AWS.
For example, if you create a gateway in the US West (Oregon) region, the endpoint looks like this: storagegateway.us-west-2.amazonaws.com:443. • Storage Gateway—For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Supported File System Operations for a File Gateway Your NFS or SMB client can write, read, delete, and truncate files. When clients send writes to AWS Storage Gateway, it writes to local cache synchronously. Then it writes to Amazon S3 asynchronously...
10 tape drives. These tape drives and the media changer are available to your existing client backup applications as iSCSI devices. To connect to these iSCSI devices, AWS Storage Gateway supports the following iSCSI initiators: • Windows Server 2012 and Windows Server 2012 R2 •...
API Reference for AWS Storage Gateway (p. 399). You can also use the AWS SDKs to develop applications that interact with AWS Storage Gateway. The AWS SDKs for Java, .NET, and PHP wrap the underlying AWS Storage Gateway API to simplify your programming tasks.
Hardware Appliance from the Hardware page on the AWS Management Console. When you create a new gateway in the AWS Storage Gateway console, you have the option to run the gateway appliance on virtual platforms. AWS Storage Gateway supports VMware ESXi, Microsoft Hyper-V, and Amazon EC2 as hosts.
You can increase the usable storage on the hardware appliance from 5 TB to 12 TB. This provides a larger cache for low latency access to data in AWS. To increase the usable storage to 12 TB, you can buy five 1.92 TB SSDs (solid state drives), which are available on the Amazon Website, and add them to the...
After the server boots up, the hardware console appears on the monitor. The hardware console presents a user interface specific to AWS that you can use to configure initial network parameters. You configure these parameters to connect the appliance to AWS and open up a support channel for troubleshooting by AWS Support.
For Confirm, re-enter your password, and then choose Save Password. At this point, you are in the hardware console, shown following. Next Step Configure Network Parameters (p. 27) Configure Network Parameters After the server boots up, you can enter your first password in the hardware console as described in Rack-Mount Your Hardware Appliance and Connect It to Power (p.
To set a network address Choose Configure Network and press the Enter key. The Configure Network screen shown following appears. For IP Address, enter a valid IPv4 address from one of the following sources: •...
AWS account. AWS Storage Gateway Hardware Appliance is only available in the US and Europe. You can choose to activate your hardware appliance in any of the supported AWS Regions. For the supported AWS Regions, see AWS Storage Gateway Hardware Appliance Regions in the AWS General Reference.
Activate Your Hardware Appliance
If this is your first gateway in an AWS Region, you see the splash screen shown following. After you create a gateway in this AWS Region, this screen no longer displays.
For IP Address, enter the IPv4 address of your appliance, and then choose Connect to Hardware to go to the Activate Hardware screen shown following. For Hardware name, enter a name for your appliance. Names can be up to 255 characters long and can't include a slash character.
Choose Launch gateway. The Storage Gateway software for your chosen gateway type installs on the appliance. It can take up to 5–10 minutes for a gateway to show up as online in the console. To assign a static IP address to your installed gateway, you next configure the gateway's network interfaces so your applications can use it.
Set Local Password dialog box. (Optional) Configure your proxy settings. See the section called “Setting the Local Console Password from the Storage Gateway Console” (p. 253) for instructions. Navigate to the Network Settings page of the gateway local console as shown following.
After you activate your Hardware Appliance in your AWS account, you might have a need to move and activate it in a different AWS account. In this case, you first delete the appliance from the AWS account and activate it in another AWS account. You might also want to delete the appliance completely from your AWS account because you no longer need it.
Deleting Your Hardware Appliance
When you delete the hardware appliance, all the resources associated with the gateway that is installed on the appliance are also deleted, but the data on the hardware appliance itself is not deleted.
AWS Storage Gateway Management Console and choose the AWS Region that you want to create your gateway in. If you haven't created a gateway in this AWS Region, the Storage Gateway service homepage is displayed. Choose Get started to open the Create gateway page. On this page, you choose a gateway type. If you have a gateway in the current AWS Region, the console shows your gateway.
If you have previously created a gateway in this AWS Region, the console shows your gateway. Otherwise, the service homepage appears. If you haven't created a gateway in the AWS Region that you chose, choose Get started. If you already have a gateway in the AWS Region that you chose, choose Gateways from the navigation pane, and then choose Create gateway.
If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.
351). Choosing a Service Endpoint You can activate your gateway using a public endpoint and have your gateway communicate with AWS storage services over the public Internet or activate it using a private VPC endpoint. If you use a VPC endpoint, all communication from your gateway to AWS services occurs through the VPC endpoint in your VPC in AWS.
For detailed information about how to get a gateway IP address, see Connecting to Your Gateway (p. 391). Activating Your Gateway To activate your gateway The gateway type, endpoint type, and AWS Region you selected are shown on the activation page. API Version 2013-06-30...
The following screenshot shows the activation page for a file gateway. AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be the same as the Region where your VPC Endpoint is located.
Choose Cache for the disk you want to configure as cache storage. If you don't see your disks, choose Refresh. Choose Save and continue to save your configuration settings. Next Step Creating a File Share (p.
To create a file share, a file gateway requires you to activate AWS Security Token Service (AWS STS). Make sure that AWS STS is activated in the AWS Region that you are creating your file gateway in. If AWS STS is not activated in that AWS Region, activate it. For information about...
Requester Pays Buckets. For Access to your bucket, choose the AWS Identity and Access Management (IAM) role that you want your gateway to use to access your Amazon S3 bucket. This role allows the gateway to access your S3 bucket. A file gateway can create a new IAM role and access policy on your behalf. Or, if you have an IAM role that you want to use, you can specify it in the IAM role box and set up the access policy manually.
Port Requirements (p. 386). To create an SMB file share Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the file gateway that you want to join to a domain.
To configure your SMB file share for Microsoft Active Directory access Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the file gateway that you want to join to a domain.
NetBios names, or hostnames of your domain server. To configure your SMB file share for guest access Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the file gateway that you want to use for your guest file share.
Make sure that you define the SMB file share settings for your file gateway before performing the following steps. To create an SMB file share Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. On the navigation pane, choose Shares, choose the file gateway that you want to use, and then choose Create file share.
On the Configure file share settings page, for Amazon S3 bucket name, provide a name for an existing Amazon S3 bucket. You use this bucket for your gateway to store files in and retrieve For Access Objects using, choose Server Message Block (SMB).
Requester Pays Buckets. For Access to your bucket, choose the AWS Identity and Access Management (IAM) role that you want your gateway to use to access your Amazon S3 bucket. This role allows the gateway to access your S3 bucket. A file gateway can create a new IAM role and access policy on your behalf. Or, if you have an IAM role you want to use, you can specify it in the IAM role box and set up the access policy manually.
Gateway (p. 21). You can find example commands to mount your file share on the AWS Management Console. In the following sections, you can find details on how to mount your file share on your client, use your share, test your file gateway, and clean up resources as needed.
Using Your File Share
mount -o nolock -o mtype=hard [Your gateway VM IP address]:/[S3 bucket name] [Drive letter on your windows client]
For example, suppose that on a Windows client your VM's IP address is 123.123.1.2 and your Amazon S3 bucket name is test-bucket.
If you are a guest user, make sure that you have the guest user account password before attempting to mount the file share. To mount your SMB file share for Microsoft AD users using the net use command Make sure that you have access to the SMB file share before mounting the file share to your local...
You can edit file share settings, edit allowed and denied users and groups, and change the guest access password from the Storage Gateway Management Console. You can also refresh the data in the file share's cache and delete a file share from the console.
On the Amazon S3 Management Console, navigate to your mapped bucket. You should see the files and folders that you copied in the Amazon S3 bucket that you specified. You can see the file share that you created in the File shares tab in the AWS Storage Gateway Management Console.
• To troubleshoot gateway problems, see Troubleshooting Your Gateway (p. 316). • To learn about Storage Gateway metrics and how you can monitor how your gateway performs, see Monitoring Your Gateway and Resources (p. 185). Cleaning Up Resources You Don't Need If you created your gateway as an example exercise or a test, consider cleaning up to avoid incurring unexpected or unnecessary charges.
Otherwise, the service homepage appears. If you haven't created a gateway in the AWS Region you selected, choose Get started. If you already have a gateway in the AWS Region you chose, choose Gateways from the navigation pane, and then choose Create gateway.
In contrast, thin provisioning allocates storage on demand. On-demand allocation can affect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick-provisioned format.
If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.
IP address from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address from the Amazon EC2 console. The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.
The following screenshot shows the activation page for a volume gateway. AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be the same as the Region where your VPC Endpoint is located.
Creating a Gateway
If activation fails, check that the IP address you entered is correct. If the IP address is correct, confirm that your network is configured to let your browser access the gateway VM. For other possible solutions, see Troubleshooting Your Gateway (p.
You can use AWS Key Management Service (AWS KMS) to encrypt data written to a cached volume that is stored in Amazon S3. Currently, you can do this by using the AWS Storage Gateway API Reference. For more information, see...
Creating a Volume
If you have defined your gateway to use multiple network adapters, choose the IP address that your storage applications should use to access your volume. For information about configuring multiple network adapters, see Configuring Your Gateway for Multiple NICs (p.
Important With AWS Storage Gateway, you can connect multiple hosts to the same volume if the hosts coordinate access by using Windows Server Failover Clustering (WSFC). You can't connect multiple hosts to the same volume without using WSFC, for example by sharing a nonclustered NTFS/ext4 file system.
Using Your Volume
You can use the following command to install the package.
sudo yum install iscsi-initiator-utils
Make sure that the iSCSI daemon is running. For RHEL 5 or 6, use the following command.
sudo /etc/init.d/iscsi status
For RHEL 7, use the following command.
Initializing and Formatting Your Volume on Microsoft Windows Use the following procedure to initialize and format your volume on Windows. To initialize and format your storage volume Start diskmgmt.msc to open the Disk Management console.
You verify the setup for a gateway by taking a snapshot backup of your volume and storing the snapshot in AWS. You then restore the snapshot to a new volume. Your gateway copies the data from the specified snapshot in AWS to the new volume.
This gateway should have only one storage volume. Choosing the volume displays its properties. For Actions, choose Create Snapshot to create a snapshot of the volume. Depending on the amount of data on the disk and the upload bandwidth, it might take a few seconds to complete the snapshot.
• To optimize your gateway, see Optimizing Gateway Performance (p. 287). • To learn about Storage Gateway metrics and how you can monitor how your gateway performs, see Monitoring Your Gateway and Resources (p. 185). • To learn more about configuring your gateway's iSCSI targets to store data, see Connecting to Your Volumes to a Windows Client (p.
You can use the Storage Gateway Management Console to back up your volumes by taking Amazon EBS snapshots and storing the snapshots in AWS. You can either take an ad hoc (one-time) snapshot or set up a snapshot schedule that is managed by Storage Gateway. You can later restore the snapshot to a new volume by using the Storage Gateway console.
Amazon EC2 instances. Benefits of Using AWS Backup to Back Up Storage Gateway Volumes The benefits of using AWS Backup to back up Storage Gateway volumes are that you can meet compliance requirements, avoid operational burden, and centralize backup management. AWS Backup enables you to do the following: •...
If you want to create an on-demand backup of the Storage Gateway volume, choose Create on-demand backup with AWS Backup. You are directed to the AWS Backup console. If you want to create a new AWS Backup plan, choose Create AWS backup plan. You are directed to the AWS Backup console.
Backing Up Your Volumes
On the AWS Backup console, you can create a backup plan, assign a Storage Gateway volume to the backup plan, and create a backup. You can also do ongoing backup management tasks.
Choose Restore resource to restore your volume. Note You can't use the Amazon EBS console to delete a snapshot that is created by AWS Backup. Creating a Tape Gateway In this section, you can find instructions about how to create and use a tape gateway.
If you haven't created a gateway in the AWS Region you selected, choose Get started. If you already have a gateway in the AWS Region you selected, choose Gateways from the navigation pane, and then choose Create gateway.
If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.
To make your gateway access AWS services over the public Internet, choose Public. To make your gateway access AWS services through the VPC endpoint in your VPC, choose VPC. This walkthrough assumes that you are activating your gateway with a public endpoint. For...
323). To configure your gateway settings The gateway type, endpoint type, and AWS Region you selected are shown on the activation page. Type the information listed on the activation page to configure your gateway settings and complete the activation process.
• AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be the same as the Region where your VPC Endpoint is located.
• Tape drive type specifies the type of tape drive used by this gateway. Choose Activate gateway. When the gateway is successfully activated, the AWS Storage Gateway console displays the Configure local storage page. If activation is not successful, see Troubleshooting Your Gateway (p.
You can use AWS Key Management Service (AWS KMS) to encrypt data written to a virtual tape that is stored in Amazon S3. Currently, you can do this by using the AWS Storage Gateway API Reference. For more information, see CreateTapes or create-tapes.
Using Your Tape Gateway
Note Virtual tapes are uniquely identified by a barcode. You can add a prefix to the barcode. The prefix is optional, but you can use it to help identify your virtual tapes. The prefix must be uppercase letters (A–Z) and must be one to four characters long.
• Using Your Backup Software to Test Your Gateway Setup (p. 86) • Where Do I Go from Here? (p. 133) Connecting Your VTL Devices Following, you can find instructions about how to connect your virtual tape library (VTL) devices to your Microsoft Windows or Red Hat Enterprise Linux (RHEL) client.
Connecting to a Linux Client The following procedure shows a summary of the steps that you follow to connect to an RHEL client. To connect a Linux client to VTL devices Install the iscsi-initiator-utils RPM package.
Using Your Backup Software to Test Your Gateway Setup (p. 86) Using Your Backup Software to Test Your Gateway Setup You test your tape gateway setup by performing the following tasks using your backup application: 1.
Topics • Configuring Arcserve to Work with VTL Devices (p. 87) • Loading Tapes into a Media Pool (p. 87) • Backing Up Data to a Tape (p. 88) • Archiving a Tape (p. 88) •...
Choose your gateway, open the context (right-click) menu for one tape, and then choose Import/ Export Slot. Assign a mail slot to load the tape. The status in the Storage Gateway console changes to Archive. The archive process might take some time.
Configure the local Bacula Director, add storage targets, and define media pools for your tapes. Use the script provided in the Bacula whitepaper discussed preceding. Backing Up Data to Tape Create tapes in the Storage Gateway console. For information on how to create tapes, see Creating Tapes (p.
For example, the following command transfers tapes from I/E slot 1601 to storage slot 1.
/opt/bacula/scripts/mtx-changer transfer 1601 1
Launch the Bacula console by using the following command.
/opt/bacula/bin/bconsole
Note When you create and transfer a tape to Bacula, use the Bacula console (bconsole) command update slots storage=VTL so that Bacula knows about the new tapes that you created.
/opt/bacula/scripts/mtx-changer transfer 1601 1
Use the Bacula console to update the slots, and then mount the tape. Run the restore command to restore your data. For instructions, see the Bacula documentation.
Leave the Device Type options selected, choose Exhaustive Detection, and then choose OK. In the Confirm Exhaustive Detection confirmation box, choose Yes. In the Device Selection dialog box, choose your library and all its drives, and then choose OK. Wait for your devices to be detected, and then choose Close to close the log report.
In the Do you want to Use Global Deduplication Policy? dialog box, choose your Deduplication preference, and then choose Next. From Library for Primary Copy, choose your VTL library, and then choose Next.
In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED. Restoring Data from a Tape You can restore data from a tape that has never been archived and retrieved, or from a tape that has been archived and retrieved.
13. In the Job History dialog box, choose OK to open the history of jobs tab. 14. Find the job that you want to restore, open the context (right-click) menu for it, and then choose Browse and Restore.
10. Choose your library to see your tapes in the left pane and the corresponding empty volume slots list in the right pane. In this screenshot, the AWS@3.0.0 library is selected. 11. In the volume list, select the volumes you want to enable (selected volumes are highlighted), open the context (right-click) menu for the selected volumes, and then choose Deposit.
VTL. In the Dell EMC NetWorker software, verify that the tape is no longer in the storage slot. In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED.
find basic documentation on how to configure the IBM Spectrum Protect Version 7.x backup software for a tape gateway and perform backup and restore operations. For detailed information about how to use...
Restore the data by using the IBM Spectrum Protect backup software. You do this by creating a recovery point, as you do when restoring data from physical tapes. For instructions, see the Spectrum Protect Administrator's Guide.
On the Add Device tab, type a value for Device Name. For Device Type, choose SCSI Library, and then choose Next. On the next screen, do the following: For SCSI address of the library robotic, select your specific address.
Page 108
• Load the virtual tape into media pool In the following sections, you can find steps to guide you through this process. Loading Virtual Tapes into a Tape Library Your tape library should now be listed under Devices. If you don't see it, press F5 to refresh the screen.
To create a media pool In the Devices & Media shelf, open the tree node for Media, open the context (right-click) menu for the Pools node, and then choose Add Media Pool.
To eject and archive a tape Open the context (right-click) menu for that tape, and choose Eject. On the AWS Storage Gateway console, choose your gateway, and then choose VTL Tape Cartridges and verify the status of the virtual tape you are archiving.
Choose the file system or database system you want to restore. For the backup that you want to restore, make sure that the box is selected. Choose Restore. In the Start Restore Session window, choose Needed Media. Choose All media, and you should see the tape originally used for the backup.
To update the VTL device drivers • In Device Manager, update the driver for the medium changer. For instructions, see Updating the Device Driver for Your Medium Changer (p. 359). You use the DPMDriveMappingTool to map your tape drives to the DPM tape library.
Open the context (right-click) menu for the media changer in the Library section, and then choose Add tape (I/E port) to add a tape to the Slots list. Note The process of adding tapes can take several minutes to complete.
I/E slots. When a tape is moved into the gateway's I/E slot, it is immediately sent for archiving. On the AWS Storage Gateway console, choose your gateway, and then choose VTL Tape Cartridges and verify the status of the virtual tape you are archiving.
Choose the library server from the list. The library list is automatically populated. Name the library and choose OK. Choose the library to display all the properties of the Storage Gateway virtual tape library. In the Storage Targets menu, expand Backup Servers, open the context (right-click) menu for the server, and choose Attach Library.
Expand Backup Servers to see the Storage Gateway virtual tape library and the library partition that shows all the mounted tape drives. Creating a Tape Pool A tape pool is dynamically created in the NovaStor DataCenter/Network software and so doesn't contain a fixed number of media.
VTL. In NovaStor DataCenter/Network, verify that the tape is no longer in the storage slot. In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED.
AWS Storage Gateway for storage drives and tape drives exceeds the number that NovaStor DataCenter/Network allows. Storage Gateway returns 3200 storage and import/export slots, which is more than the 2400 limit that NovaStor DataCenter/Network allows. To resolve this issue, you add a configuration file that enables the NovaStor software to limit the number of storage and import/export slots and preconfigures the...
For additional setup information, see Backing up to Amazon AWS with Quest NetVault Backup on the Quest (formerly Dell) website. For detailed information about how to use the Quest NetVault Backup application, see the Quest NetVault Backup 10.0.1 –...
Topics • Configuring Quest NetVault Backup to Work with VTL Devices (p. 113) • Backing Up Data to a Tape in the Quest NetVault Backup (p. 114) • Archiving a Tape by Using the Quest NetVault Backup (p. 114) •...
Choose the drive you want to add to the bay that is displayed, and then choose Next. Important When you add a drive to a bay, the drive and bay numbers must match. For example, if bay 1 is displayed, you must add drive 1.
VTL. In the Quest NetVault Backup software, verify that the tape is no longer in the storage slot. In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED.
• Backing Up Data to a Tape in Veeam (p. 117) • Archiving a Tape by Using Veeam (p. 117) • Restoring Data from a Tape Archived in Veeam (p. 118) Configuring Veeam to Work with VTL Devices...
Importing a Tape into Veeam You are now ready to import tapes from your tape gateway into the Veeam backup application library. To import a tape into the Veeam library Open the context (right–click) menu for the medium changer, and choose Import to import the tapes to the I/E slots.
For Exporting tape, choose Close. The location of the tape changes from Slot to Offline. On the AWS Storage Gateway console, choose your gateway, and then choose VTL Tape Cartridges and verify the status of the virtual tape you are archiving.
• Disabling a Tape Drive in Backup Exec (p. 122) Configuring Storage in Backup Exec After you have connected the virtual tape library (VTL) devices to the Windows client, you configure Backup Exec storage to recognize your devices.
Choose the Slots icon to display all slots. Note When you import tapes into the robotic library, the tapes are stored in slots instead of tape drives. Therefore, the tape drives might have a message that indicates there is no media in the drives (No media).
Alert: Media Intervention window. In the AWS Storage Gateway console, you can verify the status of the tape you are archiving. It might take some time to finish uploading data to AWS. During this time, the exported tape is listed in the tape gateway's VTL with the status IN TRANSIT TO VTS.
Disabling a Tape Drive in Backup Exec A tape gateway provides 10 tape drives, but you might decide to use fewer tape drives. In that case, you disable the tape drives you don't use.
Choose Configure Storage Devices to open the Device Configuration wizard. Choose Next. The NetBackup application detects your computer as a device host. In the Device Hosts column, select your computer, and then choose Next. The NetBackup application scans your computer for devices and discovers all devices.
In the Devices node, choose Robots to display all your medium changers. In the NetBackup application, the medium changer is called a robot. In the All Robots pane, open the context (right-click) menu for TLD(0) (that is, your robot), and then choose Inventory Robot.
For pricing information, see Pricing on the AWS Storage Gateway detail page. To create a volume pool A volume pool is a collection of virtual tapes to use for a backup.
Start the NetBackup Administration Console. Expand the Media node, open the context (right-click) menu for Volume Pool, and then choose New. The New Volume Pool dialog box appears. For Name, type a name for your volume pool.
For Volume Pool, choose New pool. For New pool, select the pool you just created, and then choose OK. You can verify that your volume pool contains the virtual tape that you just added by expanding the Media node and choosing your volume pool.
In the Client List window, choose Add, type the host name of your computer in the Name column, and then choose Next. This step applies the policy you are defining to localhost (your client computer).
11. In the Policy Configuration wizard, choose Finish. The policy runs the backups according to the schedule. You can also perform a manual backup at any time, which we do in the next step.
In the Manual Backup Started dialog box that appears, choose OK. On the navigation pane, choose Activity Monitor to view the status of your backup in the Job ID column. To find the barcode of the virtual tape where NetBackup wrote the file data during the backup, look in the Job Details window as described in the following procedure.
To archive a virtual tape In the NetBackup Administration console, expand the Media and Device Management node, and expand the Media node. Expand Robots and choose TLD(0). Open the context (right-click) menu for the virtual tape you want to archive, and choose Eject Volume From Robot.
Choose Close to close the Eject Volumes window. In the AWS Storage Gateway console, verify the status of the tape you are archiving in the gateway's VTL. It can take some time to finish uploading data to AWS. During this time, the ejected tape is listed in the gateway's VTL with the status IN TRANSIT TO VTS.
Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 281). Delete the AWS Storage Gateway VM from your on-premises host. If you created your gateway on an Amazon EC2 instance, terminate the instance. Activating a Gateway in a Virtual Private Cloud You can create a private connection between your on-premises software appliance and cloud-based storage infrastructure.
To use a gateway with a Storage Gateway VPC endpoint in your VPC, you do the following: • Use the VPC console to create a VPC endpoint for Storage Gateway and get the VPC endpoint ID. • If you are activating a file gateway, you need to create a VPC endpoint for Amazon S3.
If you are creating a file gateway, you also need to create an endpoint for Amazon S3. Follow the same steps as shown in the To create a VPC endpoint for AWS Storage Gateway section above, but choose com.amazonaws.us-east-2.s3 under Service Name instead. Then select the route table that you want the S3 endpoint associated with, instead of a subnet/security group.
In contrast, thin provisioning allocates storage on demand. On-demand allocation can affect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick-provisioned format.
AWS Storage Gateway User Guide Creating a Gateway Using a VPC Endpoint Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format. • When allocating disks, choose virtual hard disk (.vhd) file. Storage Gateway supports the .vhdx file type.
IP address from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address from the Amazon EC2 console. The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.
• TCP 1031 • TCP 2222 If you don't have an Amazon EC2 proxy, follow these steps to set up and configure an HTTP proxy. To set up a proxy server Launch an Amazon EC2 Linux AMI.
You now configure the HTTP proxy so that Storage Gateway can use it. When configuring the gateway to use a proxy, use the default Squid port 3128. The squid.conf that is generated covers the following required TCP ports by default: •...
Activating a file gateway requires additional setup. To activate your gateway The gateway type, endpoint type, and AWS Region you selected are shown on the activation page. To complete the activation process, provide information on the activation page to configure your gateway setting: •...
Choose Save and continue to save your configuration settings. Allow Traffic to Required Ports in Your HTTP Proxy If you are using an HTTP proxy, you need to allow traffic from Storage Gateway to the destinations and ports listed below.
(Required only for File Gateway) When Storage Gateway is communicating through the VPC endpoint, it communicates with the AWS services through multiple ports on the Storage Gateway VPC endpoint and port 443 on the S3 private endpoint. • TCP ports on Storage Gateway VPC endpoint.
After your file gateway is activated and running, you can add additional file shares and grant access to Amazon S3 buckets. Buckets that you can grant access to include buckets in a different AWS account than your file share. For information about how to add a file share, see Creating a File Share (p.
You can create the role and access policy yourself, or your file gateway can create them for you. If your file gateway creates the policy for you, the policy contains a list of S3 actions. For information about roles and permissions, see Creating a Role to Delegate Permissions to an AWS Service in the IAM User Guide.
Cross-account access is when an AWS account and users for that account are granted access to resources that belong to another AWS account. With file gateways, you can use a file share in one AWS account to access objects in an Amazon S3 bucket that belongs to a different AWS account.
file share might have already been deleted, meaning that uploading the specified data is no longer possible. In these cases, you can forcibly delete the file share by using the AWS Management Console or the DeleteFileShare API operation. This operation aborts the data upload process. When it does, the file share enters the FORCE_DELETING status.
Export as option for your file share. Possible Export as options include, for example, Read-write. To edit the file share settings Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose File shares, and then choose the file share that you want to update.
These values include Unix permissions for files and folders. You can edit the metadata defaults on the AWS Storage Gateway Management Console. When your file gateway stores files and folders in Amazon S3, the Unix file permissions are stored in object metadata.
file share. To edit NFS access settings Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose File shares, and then choose the NFS file share that you want to edit. For Actions, choose Edit share access settings.
Active Directory domain and allows members of the domain to access the SMB file share. Note Using AWS Directory Service, you can create a hosted Active Directory domain service in the AWS Cloud. Anyone who can provide the correct password gets guest access to the SMB file share.
Editing Access Settings for Your SMB File Share To enable Active Directory authentication Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the file gateway that you want to enable Active Directory authentication for.
Amazon S3 bucket associated with your file share. Your gateway uses this cached inventory to reduce the latency and frequency of S3 requests. To refresh the S3 bucket for your file share, you can use the AWS Storage Gateway console or the RefreshCache operation in the AWS Storage Gateway API.
You can see file share status on the AWS Storage Gateway console. File share status appears in the Status column for each file share in your gateway. A file share that is functioning normally has the status of AVAILABLE.
The following example policy denies all roles except the role that created the bucket to write to the S3 bucket. The s3:DeleteObject and s3:PutObject actions are denied for all roles except "TestUser". The policy applies to all objects in the "arn:aws:s3:::TestBucket/*" bucket. "Version":"2012-10-17", "Statement":[...
Determining the Size of Upload Buffer to Allocate (p. 221). You can add volumes using the AWS Storage Gateway console or AWS Storage Gateway API. For information on using the AWS Storage Gateway API to add volumes, see CreateCachediSCSIVolume. For instructions on how to add a volume using the AWS Storage Gateway console, see Creating a Volume (p.
Cloning a Volume You can create a new volume from any existing cached volume in the same AWS Region. The new volume is created from the most recent recovery point of the selected volume. A volume recovery point is a point in time at which all data of the volume is consistent.
Choose Clone from last recovery point and select a volume ID for Source volume. The source volume can be any cached volume in the selected AWS Region. Type a name for iSCSI target name. The target name can contain lowercase letters, numbers, periods (.), and hyphens (-). This target name appears as the iSCSI target node name in the Targets tab of the iSCSI Microsoft initiator UI after discovery.
Find and restore the snapshot. Viewing Volume Usage When you write data to a volume, you can view the amount of data stored on the volume in the AWS Storage Gateway Management Console. The Details tab for each volume shows the volume usage information.
As your data and performance needs grow, you might want to move your volumes to a different volume gateway. To do so, you can detach and attach a volume by using the Storage Gateway console or API. By detaching and attaching a volume, you can do the following: •...
Moving Your Volumes to a Different Gateway When you detach a volume, your gateway uploads and stores the volume data and metadata to the AWS Storage Gateway service in AWS. You can easily attach a detached volume to a gateway on any supported host platform later.
Your snapshot is listed in the Snapshots in the same row as the volume. Editing a Snapshot Schedule For stored volumes, AWS Storage Gateway creates a default snapshot schedule of once a day. Note You can't remove the default snapshot schedule. Stored volumes require at least one snapshot schedule.
The following Java code example lists the snapshots for each volume of a gateway and whether the snapshot start time is before or after a specified date. It uses the AWS SDK for Java API for AWS Storage Gateway and Amazon EC2. The Amazon EC2 API includes operations for working with snapshots.
AWS Storage Gateway User Guide Deleting Snapshots the view option (that is, with viewOnly set to true) to see what the code deletes. For a list of AWS service endpoints you can use with AWS Storage Gateway, see Regions and Endpoints in the AWS General Reference.
    String marker = null;
    do {
        // Pass the marker from the previous page so that the loop advances.
        ListVolumesRequest request = new ListVolumesRequest()
            .withGatewayARN(gatewayARN)
            .withMarker(marker);
        ListVolumesResult result = sgClient.listVolumes(request);
        marker = result.getMarker();
        for (VolumeInfo vi : result.getVolumeInfos()) {
            volumes.add(vi);
            System.out.println(OutputVolumeInfo(vi));
        }
    } while (marker != null);
    return volumes;
}

private static void DeleteSnapshotsForVolumes(List<VolumeInfo> volumes,...
Run the code first with just the view option (that is, with viewOnly set to true) to see what the code deletes. For a list of AWS service endpoints you can use with AWS Storage Gateway, see...
// Create an EC2 client.
ec2Config = new AmazonEC2Config();
ec2Config.ServiceURL = "https://ec2." + AwsRegion + ".amazonaws.com";
ec2Client = new AmazonEC2Client(AwsAccessKey, AwsSecretKey, ec2Config);

// Create a Storage Gateway client.
sgConfig = new AmazonStorageGatewayConfig();
sgConfig.ServiceURL = "https://storagegateway." + AwsRegion + ".amazonaws.com";
sgClient = new AmazonStorageGatewayClient(AwsAccessKey, AwsSecretKey, sgConfig);...
Filter ownerFilter = new Filter();
List<String> ownerValues = new List<String>();
ownerValues.Add(OwnerID);
ownerFilter.Name = "owner-id";
ownerFilter.Values = ownerValues;
describeSnapshotsRequest.Filters.Add(ownerFilter);

Filter statusFilter = new Filter();
List<String> statusValues = new List<String>();
statusValues.Add(SnapshotStatus);
statusFilter.Name = "status";
statusFilter.Values = statusValues;...
The following PowerShell script example lists the snapshots for each volume of a gateway and whether the snapshot start time is before or after a specified date. It uses the AWS Tools for Windows PowerShell cmdlets for AWS Storage Gateway and Amazon EC2. The Amazon EC2 API includes operations for working with snapshots.
AWS Storage Gateway User Guide Understanding Volume Status and Transitions
2) Credentials and AWS Region stored in session using Initialize-AWSDefault.
For more info see, https://docs.amazonaws.cn/powershell/latest/userguide//specifying-your-aws-credentials.html
.EXAMPLE
powershell.exe .\SG_DeleteSnapshots.ps1
#>
# Criteria to use to filter the results returned.
$daysBack = 18
$gatewayARN = "*** provide gateway ARN ***"...
You can find information following to help you decide when you need to act. You can see volume status on the AWS Storage Gateway console or by using one of the Storage Gateway API operations, for example DescribeCachediSCSIVolumes or DescribeStorediSCSIVolumes.
331). Pass Through Data maintained locally is out of sync with data stored in AWS. Data written to a volume while the volume is in Pass Through status remains in the cache until the volume status is Bootstrapping. This data starts to upload to AWS when Bootstrapping status begins.
221). Understanding Attachment Status You can detach a volume from a gateway or attach it to a gateway by using the Storage Gateway console or API. The following table shows volume attachment status on the Storage Gateway console. Volume attachment status appears in the Attachment status column for each storage volume on your gateway.
Understanding Cached Volume Status Transitions Use the following state diagram to understand the most common transitions between statuses for volumes in cached gateways. You don't need to understand the diagram in detail to use your gateway effectively.
Note The volume status of Pass Through appears as yellow in this diagram. However, this doesn't match the color of this status icon in the Status box of the Storage Gateway console. Understanding Stored Volume Status Transitions Use the following state diagram to understand the most common transitions between statuses for volumes in stored gateways.
Color Volume Status bootstrapping. Other than the specific scenario mentioned, yellow (Pass Through status) indicates that there is a potential issue with the storage volume, the most common one being an upload buffer issue.
Note The volume status of Pass Through appears as yellow in this diagram. However, this doesn't match the color of this status icon in the Status box of the Storage Gateway console. Managing Your Tape Gateway Following, you can find information about how to manage your tape gateway resources.
AWS Storage Gateway User Guide Adding Tapes the columns and in the Details tab of your tape library. For information about tape gateway tape limits, AWS Storage Gateway Limits (p. 395). You can create additional tapes directly in a preselected pool that represents the storage you want the tapes to be archived in.
AWS Storage Gateway User Guide Archiving Tapes Note Tapes created before March 27, 2019, are archived directly in Amazon S3 Glacier when your backup software ejects it. Archiving Virtual Tapes You can archive your tapes to Amazon S3 Glacier or DEEP_ARCHIVE. When you create a tape, you choose the archive pool that you want to use to archive your tape.
Retrieved virtual tapes are read-only. Viewing Tape Usage When you write data to a tape, you can view the amount of data stored on the tape in the AWS Storage Gateway Management Console. The Details tab for each tape shows the tape usage information.
This value is not available for tapes created before May 13, 2015. Deleting Tapes You can delete virtual tapes from your tape gateway by using the AWS Storage Gateway console. Note If the tape you want to delete from your tape gateway has a status of RETRIEVED, you must first eject the tape using your backup application before deleting the tape.
Understanding Tape Status the gateway isn't sent to AWS. You can only disable a gateway on the Storage Gateway console if the gateway is no longer connected to AWS. If the gateway is connected to AWS, you can't disable the tape gateway.
You can use the following procedure to determine the status of a virtual tape in an archive. To determine the status of a virtual tape Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Tapes. In the Status column of the tape library grid, check the status of the tape.
AWS cloud. With metrics, you can track the health of your gateway and set up alarms to notify you when one or more metrics fall outside a defined threshold.
AWS Storage Gateway User Guide AWS Storage Gateway Metrics The following table describes the AWS Storage Gateway metrics that you can use to get information about your gateways. Specify the GatewayId or GatewayName dimension for each metric to view the data for a gateway.
Metric Description Gateway-Cached Gateway-Stored Gateway-VTL Units: Bytes CloudDownloadLatency: The total number of milliseconds spent reading data from AWS during the reporting period. Use this metric with the Average statistic to measure latency.
UploadBufferUsed: The total number of bytes being used in the gateway's upload buffer. The sample is taken at the end of the reporting period. Units: Bytes...
ReadTime: The total number of milliseconds spent to do read operations from your on-premises applications in the reporting period for all volumes in the gateway. Use this metric with the Average statistic to measure latency.
WriteTime: The total number of milliseconds spent to do write operations from your on-premises applications in the reporting period for all volumes in the gateway. Use this metric with the Average statistic to measure latency.
WorkingStorageFree: The total amount of unused space in the gateway's working storage. The sample is taken at the end of the reporting period. Note Working storage...
WorkingStoragePercentUsed: Percent use of the gateway's upload buffer. The sample is taken at the end of the reporting period. Note Working storage applies only to the...
UploadBufferUsed. Units: Bytes The following table describes the AWS Storage Gateway metrics that you can use to get information about your storage volumes. Specify the VolumeId dimension for each metric to view the data for a storage volume. Metric...
Metric Description Gateway-Cached Gateway-Stored This metric applies only to cached volumes. The sample is taken at the end of the reporting period. When there are no application read operations from the volume, this metric reports 100 percent.
ReadBytes: The total number of bytes read from your on-premises applications in the reporting period. Use this metric with the Sum statistic to measure throughput and with the Samples statistic to measure IOPS.
The WorkingStoragePercentUsed, WorkingStorageUsed, and WorkingStorageFree metrics represent the upload buffer for the stored volumes setup only before the release of the cached-volume feature in Storage Gateway. Now you should use the equivalent upload buffer metrics UploadBufferPercentUsed, UploadBufferUsed, and UploadBufferFree. These metrics apply to both gateway architectures.
Choose Create Alarm to start the Create Alarm Wizard. Specify a metric for your alarm. On the Select Metric page of the Create Alarm Wizard, choose the AWS/StorageGateway:GatewayId,GatewayName dimension, and then find the gateway that you want to work with.
AWS Storage Gateway User Guide Monitoring Cache Storage Confirm your subscription by clicking the link in the email. A subscription confirmation appears. Monitoring Cache Storage You can find information following about how to monitor a gateway's cache storage and how to create an alarm so that you get a notification when parameters of the cache pass specified thresholds.
Create a target such as an Amazon SNS topic or Lambda function to invoke when the event you requested in AWS Storage Gateway is triggered. Create a rule in the Amazon CloudWatch Events Console to invoke targets based on an event in AWS Storage Gateway.
Getting Notified About File Operations The following example shows a rule that triggers the specified event type in the specified gateway and in the specified AWS Region. For example, you could specify the Storage Gateway File Upload Event as the event type.
A description of the event that triggered the notification that was sent. source The AWS service that is the source of the request and notification. account The ID of the AWS account where the request and notification were generated from.
A description of the type of the event that triggered the notification that was sent. source The AWS service that is the source of the request and notification. account The ID of the AWS account where the request and notification were generated from.
["/"]. Understanding File Share Metrics You can find information following about the Storage Gateway metrics that cover file shares. Each file share has a set of metrics associated with it. Some file share-specific metrics have the same name as certain gateway-specific metrics. These metrics represent the same kinds of measurements but are scoped to the file share instead.
AWS cloud. With metrics, you can track the health of your gateway and set up alarms to notify you when one or more metrics fall outside a defined threshold.
Guide. Using Amazon CloudWatch Metrics You can get monitoring data for your gateway using either the AWS Management Console or the CloudWatch API. The console displays a series of graphs based on the raw data from the CloudWatch API. You can also use the CloudWatch API through one of the...
When you use the correct aggregation statistic, you can use Storage Gateway metrics to measure these values. A statistic is an aggregation of a metric over a specified period of time. When you view the values of a...
Storage Gateway is performing. These three values can be measured using the Storage Gateway metrics provided for you when you use the correct aggregation statistic. The following table summarizes the metrics and corresponding statistic to use to measure the throughput, latency, and input/output operations per second (IOPS) between your gateway and AWS.
Divide this value by the Period value (5 minutes) to get the throughput at that sample point. For the point highlighted, the throughput from the gateway to AWS is 555,544,576 bytes divided by 300 seconds, which is 1.7 megabytes per second.
Choose Alarms. Choose Create Alarm to start the Create Alarm Wizard. Choose the Storage Gateway dimension, and find the gateway that you want to work with. Choose the CloudBytesUploaded metric. To define the alarm, define the alarm state when the CloudBytesUploaded metric is greater than or equal to a specified value for a specified time.
Choose Create Alarm. Understanding Volume Metrics Following, you can find information about the Storage Gateway metrics that cover a volume of a gateway. Each volume of a gateway has a set of metrics associated with it. Note that some volume-specific metrics have the same name as certain gateway-specific metrics.
Metric | Description | Cached volumes | Stored volumes
Understanding Gateway Metrics (p. 185). Units: Percent
CachePercentUsed: The volume's contribution to the overall percent use of the gateway's cache storage. The sample is taken at the end of the reporting period.
In this section, you can find information about how to monitor your tape gateway, virtual tapes associated with your tape gateway, cache storage, and the upload buffer. You use the AWS Management Console to view metrics for your tape gateway. With metrics, you can track the health of your tape gateway and set up alarms to notify you when one or more metrics are outside a defined threshold.
Using Amazon CloudWatch Metrics You can get monitoring data for your tape gateway by using either the AWS Management Console or the CloudWatch API. The console displays a series of graphs based on the raw data from the CloudWatch API.
Sum CloudWatch statistic. For example, the Sum value of the CloudBytesDownloaded metric over a sample period of 5 minutes divided by 300 seconds gives you the throughput from AWS to the tape gateway as a rate in bytes per second.
Logging Storage Gateway API Calls with AWS CloudTrail AWS Storage Gateway is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Storage Gateway. CloudTrail captures all API calls for Storage...
A trail enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify.
VM. Although this section focuses on starting and stopping your gateway using the AWS Storage Gateway Management Console, you can also start and stop your gateway by using your VM local console or AWS Storage Gateway API. When you power on your VM, remember to restart your gateway.
If the gateway was uploading data when it was stopped, the upload will resume when you start the gateway. To start a volume or tape gateway Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Gateways and then choose the gateway to start. The status of the gateway is Shutdown.
BOOTSTRAPPING status. In this status, any new data that was persisted locally is uploaded to AWS. Finally, the volume returns to ACTIVE status. Storage Gateway then resumes normal synchronization of the data stored locally with the copy stored in AWS, and you can start taking new snapshots.
any of your volume data to its upload buffer and does not upload any of this data to AWS until Storage Gateway synchronizes the data stored locally with the copy of the data stored in AWS.
Volumes for Your Gateway Hosted on Amazon EC2 (p. 356). You configure this disk as an upload buffer or cache storage. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Gateways. In the Actions menu, choose Edit local disks.
You can now restart or stop the file gateway without risk of losing any data. Managing Bandwidth for Your Gateway You can limit (or throttle) the upload throughput from the gateway to AWS or the download throughput from AWS to your gateway. Using bandwidth throttling helps you to control the amount of network bandwidth used by your gateway.
The following example demonstrates how to update a gateway's bandwidth rate limits using the AWS SDK for Java. To use the example code, you should be familiar with running a Java console application. For more information, see...
The following C# code example updates a gateway's bandwidth rate limits. You need to update the code and provide the service endpoint, your gateway Amazon Resource Name (ARN), and the upload and download limits. For a list of AWS service endpoints you can use with AWS Storage Gateway, see Regions and Endpoints in the AWS General Reference.
The following example demonstrates how to update a gateway's bandwidth rate limits using the AWS Tools for Windows PowerShell. To use the example code, you should be familiar with running a PowerShell script. For more information, see...
Before any update is applied to your gateway, AWS notifies you with a message on the Storage Gateway console and your AWS Personal Health Dashboard. For more information, see AWS Personal Health Dashboard.
These default login credentials give you access to menus where you can configure gateway network settings and change the password from the local console. AWS Storage Gateway enables you to set your own password from the Storage...
We recommend that you always set a new password immediately after you create your new gateway. You can set this password from the AWS Storage Gateway console rather than the local console if you want. You don't need to know the default password to set a new password.
HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway routes all HTTP traffic through your proxy server. For information about network requirements for your gateway, see Network and Firewall Requirements (p.
• For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Appliance Activation - Configuration main menu, enter 2 to begin configuring your network.
On the Network Configuration menu, choose one of the following options. Do This Get information about your network adapter Enter 1. A list of adapter names appears, and you are prompted to enter an adapter name—for...
• Secondary DNS address Important If your gateway has already been activated, you must shut it down and restart it from the Storage Gateway console for the settings to take effect. For more information, see Shutting Down Your Gateway VM (p.
• For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Appliance Activation - Configuration main menu, enter 3 to begin testing network connectivity.
Each endpoint in the selected AWS Region displays either a PASSED or FAILED message, as shown following. • If you selected VPC (PrivateLink), each VPC endpoint (DNS/IP) in the AWS Region displays either a PASSED or FAILED message, as shown following.
Gateway Local Console with Microsoft Hyper-V (p. 274). In the AWS Appliance Activation - Configuration main menu, enter 4 to view the results of a system resource check. The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.
Access the Gateway Local Console with Microsoft Hyper-V (p. 274). In the AWS Appliance Activation - Configuration main menu, enter 5 to manage your system's time. In the System Time Management menu, choose one of the following options. Do This View and synchronize your VM time with NTP Enter 1.
Your NTP server configuration is displayed. Running Storage Gateway Commands on the Local Console The VM local console in Storage Gateway helps provide a secure environment for configuring and diagnosing issues with your gateway. Using the local console commands, you can perform maintenance tasks such as saving routing tables, connecting to AWS Support, and so on.
To learn about a command, enter the command name at the command prompt. Configuring Network Adapters for Your Gateway By default, AWS Storage Gateway is configured to use the E1000 network adapter type, but you can reconfigure your gateway to use the VMXNET3 (10 GbE) network adapter. You can also configure Storage Gateway so it can be accessed by more than one IP address.
Configuring Your Gateway to Use the VMXNET3 Network Adapter AWS Storage Gateway supports the E1000 network adapter type in both VMware ESXi and Microsoft Hyper-V Hypervisor hosts. However, the VMXNET3 (10 GbE) network adapter type is supported in VMware ESXi hypervisor only.
After your gateway restarts, reconfigure the adapter you just added to make sure that network connectivity to the internet is established. To configure the adapter for the network In the vSphere client, choose the Console tab to start the local console.
If your gateway is already activated, you must shut it down and restart it from the AWS Storage Gateway Management Console. After the gateway restarts, you must test network connectivity to the internet.
Log in to your local console. If you are connecting to your EC2 instance from a Windows computer, log in as admin. After you log in, you see the AWS Appliance Activation - Configuration main menu, as shown in the following screenshot.
If your gateway must use a proxy server to communicate to the internet, then you need to configure the HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway routes all HTTPS traffic through your proxy server.
Choose one of the following options in the AWS Appliance Activation - Configuration HTTP Proxy Configuration menu. Do This Configure an HTTP proxy Enter 1. You need to supply a host name and port to complete configuration.
Logging In to Your Amazon EC2 Gateway Local Console (p. 244). On the AWS Appliance Activation - Configuration main menu, enter 2 to begin configuring your DNS server. On the Network Configuration menu, choose one of the following options.
Log in to your gateway's local console. For instructions, see Logging In to Your Amazon EC2 Gateway Local Console (p. 244). In the AWS Storage Gateway Configuration main menu, enter 3 to begin testing network connectivity. The console displays the available AWS Regions. Choose option 1 for Storage Gateway.
Log in to your gateway's local console. For instructions, see Logging In to Your Amazon EC2 Gateway Local Console (p. 244). In the AWS Storage Gateway Configuration main menu, enter 4 to view the results of a system resource check.
Running Storage Gateway Commands on the Local Console The AWS Storage Gateway console helps provide a secure environment for configuring and diagnosing issues with your gateway. Using the console commands, you can perform maintenance tasks such as saving routing tables or connecting to AWS Support.
Local Console (p. 244). In the AWS Appliance Activation Configuration main menu, enter 5 for Gateway Console. In the command prompt, enter h, and then press the Return key. The console displays the AVAILABLE COMMANDS menu with the available commands. After the menu, a gateway console prompt appears, as shown in the following screenshot.
Storage Gateway enables you to set your own password from the AWS Storage Gateway console instead of changing the password from the local console. You don't need to know the default password to set a new password.
We recommend that you always set a new password immediately after you create your new gateway. You can set this password from the AWS Storage Gateway console rather than the local console if you want. You don't need to know the default password to set a new password.
SOCKS or HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway routes all HTTP traffic through your proxy server. For information about network requirements for your gateway, see Network and Firewall Requirements (p.
Accessing the Gateway Local Console with VMware ESXi (p. 273). • Microsoft Hyper-V—for more information, see Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Storage Gateway Configuration main menu, type 1 to begin configuring the HTTP proxy.
Choose one of the following options on the AWS Storage Gateway HTTP Proxy Configuration menu: Do This Configure an HTTP proxy Type option 1.
Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Storage Gateway Configuration main menu, type option 2 to begin configuring a static IP address. Choose one of the following options on the AWS Storage Gateway Network Configuration menu:...
Do This • Gateway IP address • DHCP enabled status You use the same adapter name when you configure a static IP address (option 3) as when you set your gateway's default route adapter (option 5).
• Secondary DNS address Important If your gateway has already been activated, you must shut it down and restart it from the AWS Storage Gateway console for the settings to take effect. For more information, see Shutting Down Your Gateway VM (p.
All network interfaces are set to use DHCP. Important If your gateway has already been activated, you must shut down and restart your gateway from the AWS Storage Gateway console for the settings to take effect. For more information, see Shutting Down Your Gateway VM (p. 219).
On the AWS Storage Gateway Configuration main menu, type option 3 to begin testing network connectivity. The console displays the available regions. Select the region you want to test. For example, us-east-2. For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Hyper-V (p. 274). On the AWS Storage Gateway Configuration main menu, type option 5 for Gateway Console. On the AWS Storage Gateway console, type h, and then press the Return key. The console displays the Available Commands menu with the available commands and after the menu a Gateway Console prompt, as shown in the following screenshot.
Access the Gateway Local Console with Microsoft Hyper-V (p. 274). In the AWS Storage Gateway Configuration main menu, type 6 to view the results of a system resource check. The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.
Configuring Network Adapters for Your Gateway By default, AWS Storage Gateway is configured to use the E1000 network adapter type, but you can reconfigure your gateway to use the VMXNET3 (10 GbE) network adapter. You can also configure Storage Gateway so it can be accessed by more than one IP address.
To remove the default E1000 adapter and configure your gateway to use the VMXNET3 adapter In VMware, open the context (right-click) menu for your gateway and choose Edit Settings.
At the Enter the adapter prompt, type eth0, and then press Enter to continue. The only adapter available is eth0. If your gateway is already activated, you must shut it down and restart it from the AWS Storage Gateway Management Console. After the gateway restarts, you must test network connectivity to the Internet.
AWS, then iSCSI traffic for that target and AWS traffic will flow through the same adapter. When you configure one adapter to connect to the AWS Storage Gateway console and then add a second adapter, Storage Gateway automatically configures the route table to use the second adapter as the preferred route.
SOCKS proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway will route all HyperText Transfer Protocol Secure (HTTPS) traffic through your proxy server.
Choose one of the following options in the AWS Storage Gateway SOCKS Proxy Configuration menu: Do This Configure a SOCKS proxy Type 1. You need to supply a host name and port to complete configuration.
The console displays the available regions. Select the region you want to test. For example, us-east-2. For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Log in to your gateway's local console. For instructions, see Logging In to Your Amazon EC2 Gateway Local Console (p. 267). In the AWS Storage Gateway Configuration main menu, type 4 to view the results of a system resource check.
The resource has passed the system resource check. [WARNING] The resource does not meet the recommended requirements, but your gateway will continue to function. AWS Storage Gateway displays a message that describes the results of the resource check. [FAIL] The resource does not meet the minimum requirements.
Accessing the Gateway Local Console How you access your VM's local console depends on the type of the Hypervisor you deployed your gateway VM on. In this section, you can find information on how to access the VM local console using VMware ESXi and Microsoft Hyper-V Manager.
To log in using the default credentials, continue to the procedure Logging in to the Local Console Using Default Credentials (p. 252). Access the Gateway Local Console with Microsoft Hyper-V To access your gateway's local console (Microsoft Hyper-V) In the Virtual Machines list of the Microsoft Hyper-V Manager, select your gateway VM.
After a few moments, the VM is ready for you to log in. To log in using default credentials, continue to the procedure Logging in to the Local Console Using Default Credentials (p.
The VM can remain turned on for this procedure. In the client, open the context (right-click) menu for your gateway VM, and choose Edit Settings. On the Hardware tab of the Virtual Machine Properties dialog box, choose Add to add a device.
In the Network Type pane, ensure that Connect at power on is selected for Type, and then choose Next. We recommend that you use the E1000 network adapter with Storage Gateway. For more information on the adapter types that might appear in the adapter list, see Network Adapter...
The following image is for illustration only. In practice, one of the IP addresses will be the address by which the gateway communicates to AWS and the other will be an address in a different subnet.
(p. 220). In the Navigation pane of the Storage Gateway console, choose Gateways and choose the gateway to which you added the adapter. Confirm that the second IP address is listed in the Details tab. For information about local console tasks common to VMware and Hyper-V host, see Performing Tasks on the VM Local Console (Volume and Tape Gateways) (p.
In the Settings dialog box for the VM, for Hardware, choose Add Hardware. In the Add Hardware pane, choose Network Adapter, and then choose Add to add a device.
You can delete a gateway using the Storage Gateway console or programmatically. Following, you can find information about how to delete a gateway using the Storage Gateway console. If you want to programmatically delete your gateway, see AWS Storage Gateway API Reference.
VM to activate a new gateway. To delete a gateway Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Gateways, and then choose the gateway you want to delete. On the Actions menu, choose Delete gateway.
When you delete a tape gateway, you can encounter one of two scenarios. • The tape gateway is connected to AWS – If the tape gateway is connected to AWS and you delete the gateway, the iSCSI targets associated with the gateway (that is, the virtual tape drives and media changer) will no longer be available.
If you want to delete a gateway that you deployed on an Amazon EC2 instance, we recommend that you clean up the AWS resources that were used with the gateway, specifically the Amazon EC2 instance, any Amazon EBS volumes, and also tapes if you deployed a tape gateway. Doing so helps avoid unintended usage charges.
Performance In this section, you can find information about AWS Storage Gateway performance. Topics • Performance Guidance for File Gateways (p. 285) • Performance Guidance for Tape Gateways (p. 286) •...
Performance Guidance for Tape Gateways In this section, you can find configuration guidance for provisioning hardware for your tape gateway VM. The Amazon EC2 instance sizes and types that are listed in the table are examples, and are provided for reference.
VMs. Providing enough CPU resources has the general effect of improving throughput. AWS Storage Gateway supports using 24 CPUs in your gateway host server. You can use 24 CPUs to significantly improve the performance of your gateway. We recommend the following gateway configuration for your gateway host server:...
Back gateway virtual disks with separate physical disks When you provision gateway disks, we strongly recommend that you don't provision local disks for the upload buffer and cache storage that use the same underlying physical storage disk. For example, for VMware ESXi, the underlying physical storage resources are represented as a data store.
(for more information on these metrics, see Measuring Performance Between Your Tape Gateway and AWS (p. 213)). For your application, compare the measured throughput with the desired throughput. If the measured throughput is less than the desired throughput, then increasing the bandwidth between your application and gateway can improve performance if the network is the bottleneck.
Creating Gateway in a Virtual Private Cloud If you use Amazon Virtual Private Cloud (Amazon VPC) to host your AWS resources, you can establish a connection between your virtual private cloud (VPC) and file gateway. You can then use this gateway to establish a connection between your IT environment and the AWS storage infrastructure without going over the public internet.
Configure CHAP credentials dialog box. To configure CHAP credentials In the AWS Storage Gateway Console, choose Volumes and select the volume for which you want to configure CHAP credentials.
To add CHAP credentials In the AWS Storage Gateway Console, choose Volumes and select the volume for which you want to add CHAP credentials. On the Actions menu, choose Configure CHAP authentication.
(CMKs) as the KMS key. The CMK that you use to encrypt your tape data can't be changed after the tape is created. For information on using the Storage Gateway API to encrypt data written to a virtual tape, see CreateTapes in the AWS Storage Gateway API Reference.
IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.
Access Control • AWS service access – A service role is an IAM role that a service assumes to perform actions in your account on your behalf. When you set up some AWS service environments, you must define a role for the service to assume.
Overview of Managing Access Permissions to Your AWS Storage Gateway Every AWS resource is owned by an AWS account, and permissions to create or access a resource are governed by permissions policies. An account administrator can attach permissions policies to IAM identities (that is, users, groups, and roles), and some services (such as AWS Lambda) also support attaching permissions policies to resources.
ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-1122AABB. When you use this ID with the EC2 API, you must change it to vol-1122aabb.
B. Doing this allows users in Account B to create or access resources in Account A. The principal in the trust policy can also be an AWS service principal if you want to grant an AWS service permissions to assume the role.
• Resource – In a policy, you use an Amazon Resource Name (ARN) to identify the resource to which the policy applies. For Storage Gateway resources, you always use the wildcard character (*) in IAM policies. For more information, see AWS Storage Gateway Resources and Operations (p.
EC2 actions don't support resource-level permissions, the policy specifies the wildcard character (*) as the Resource value instead of specifying a gateway ARN. For a table showing all of the Storage Gateway API actions and the resources that they apply to, see Storage Gateway API Permissions: Actions, Resources, and Conditions Reference (p.
You can review these permissions policies by signing in to the IAM console and searching for specific policies there. You can also create your own custom IAM policies to allow permissions for AWS Storage Gateway API actions. You can attach these custom policies to the IAM users or groups that require those permissions.
Example 1: Allow Any Storage Gateway Actions on All Gateways The following policy allows a user to perform all the Storage Gateway actions. The policy also allows the user to perform Amazon EC2 actions (DescribeSnapshots and DeleteSnapshot) on the Amazon EBS snapshots generated from Storage Gateway.
"arn:aws:storagegateway:us-west-2:123456789012:gateway/gateway-id/*" The preceding policy works if the user to which the policy is attached uses either the API or an AWS SDK to access the gateway. However, if the user is going to use the Storage Gateway console, you must also grant permissions to allow the ListGateways action, as shown in the following example: "Version": "2012-10-17",...
"Resource": "*" The preceding policy works if the user to whom the policy is attached uses either the API or an AWS SDK to access the volume. However, if this user is going to use the AWS Storage Gateway console, you must also grant permissions to allow the ListGateways action, as shown in the following example: "Version": "2012-10-17",...
"Resource": "*" The preceding policy works if the user to whom the policy is attached uses either the API or an AWS SDK to access the gateway. However, if this user plans to use the AWS Storage Gateway console, you must grant additional permissions as described in Example 3: Allow Access to a Specific Gateway (p.
Controlling Access Based on Tags on a Resource You can use the tags on a file gateway resource to control what actions a user or role can perform on the resource.
file share by using the UpdateSMBFileShare operation with the Storage Gateway SDK or the AWS CLI. • When ACLs are enabled, the ACL information is persisted in Amazon S3 object metadata. • The gateway preserves up to 10 ACLs per file or folder.
You can enable inheritance for file shares created after May 8, 2019. If you enable inheritance and update the permissions recursively, Storage Gateway updates all the objects in the S3 bucket. Depending on the number of objects in the bucket, the update can take a while to complete.
Storage Gateway API operation, the corresponding actions for which you can grant permissions to perform the action, and the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action field, and you specify the resource value in the policy's Resource field.
Related Topics • Access Control (p. 295) • Customer Managed Policy Examples (p. 301)
The following table lists typical issues that you might encounter working with your on-premises gateways. Topics • Enabling AWS Support To Help Troubleshoot Your Gateway Hosted On-Premises (p. 318)
Issue: You cannot find the IP address of your gateway.
Action to Take: Use the hypervisor client to connect to your host to find the gateway IP
Synchronizing Your Gateway VM Time (p. 261). • After performing these steps, you can retry the gateway deployment using the AWS Storage Gateway console and the Setup and Activate Gateway wizard. • Check that your VM has at least 7.5 GB of RAM. Gateway allocation fails if there is less than 7.5 GB of RAM.
By default, AWS Support access to your gateway is disabled. You enable this access through the host's local console. To give AWS Support access to your gateway, you first log in to the local console for the host, navigate to the storage gateway's console, and then connect to the support server.
AWS Storage Gateway. You must allow TCP port 22 to initiate a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.
Type exit to log out of the AWS Storage Gateway console. Follow the prompts to exit the local console. Troubleshooting Your Microsoft Hyper-V Setup The following table lists typical issues that you might encounter when deploying AWS Storage Gateway on the Microsoft Hyper-V platform. Issue...
Issue: You try to import a gateway and receive the error message: "Import failed.
Action to Take: If you have already deployed a gateway and you try to reuse the default folders that store the virtual hard disk files and virtual machine
Issue: message "The child partition processor setting is incompatible with parent
Action to Take: CPUs for the gateway and the available CPUs on the host. Ensure that the VM CPU count is supported by the underlying hypervisor. For more information about the requirements for AWS Storage Gateway, see Requirements (p.
AWS Storage Gateway AMI should start with the text aws-storage-gateway-ami. • If you have several instances based on the AWS Storage Gateway AMI, check the instance launch time to find the correct instance.
In this case, you need to activate a new gateway. You can view the throughput to and from your gateway from the Amazon CloudWatch console. For more information about measuring throughput to and from your gateway to AWS, see Measuring Performance Between Your Gateway and AWS (p.
Amazon EC2 Security Groups in the Amazon EC2 User Guide. To let AWS Support connect to your gateway, you first log in to the local console for the Amazon EC2 instance, navigate to the storage gateway's console, and then provide the access.
AWS Storage Gateway. You must allow TCP port 22 to initiate a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.
How Do You Perform a Factory Reset? If you need to perform a factory reset on your appliance, contact the AWS Storage Gateway Hardware Appliance team for support, as described in the Support section following.
The assigned port number should appear within 30 seconds, if there are no network connectivity or firewall issues. Note the port number and provide it to AWS Support. Troubleshooting File Share Issues You can find information following about actions to take if you experience unexpected issues with your file share.
Multiple Different Access Methods 2. If the Amazon S3 bucket exists, then verify that AWS Security Token Service is enabled in the region where you are creating the file share. If a security token is not enabled, you should enable it. For...
file share. You can also update KMS settings for your file share by using the UpdateNFSFileShare or UpdateSMBFileShare API operation. This update applies to objects stored in the Amazon S3 buckets after the update. For more information, see Encrypting Your Data Using AWS Key Management Service (p. 293).
IRRECOVERABLE, you can no longer use this volume. You can try to delete the volume in the AWS Storage Gateway console. If there is data on the volume, then you can recover the data when you create a new volume based on the local disk of the VM that was initially used to create the volume. When you create the new volume, select Preserve existing data.
And You Want to Recover Your Data For cached volumes, if the AWS Storage Gateway console indicates that your volume has a status of IRRECOVERABLE, you can no longer use this volume. If there is data on the volume, you can create a snapshot of the volume and then recover your data from the snapshot or you can clone the volume from the last recovery point.
Summary tab. You can find the Host IP address for a storage volume in the AWS Storage Gateway console in the Details tab for the volume. A discrepancy in the IP address can occur, for example, when you assign a new static IP address to your gateway.
AWS Storage Gateway User Guide A Cache Disk in Your Gateway Encounters a Failure shown in Shutting Down Your Gateway VM (p. 219). After the restart, the Host IP address in the ISCSI Target Info tab for a storage volume should match an IP address shown in the vSphere client on the Summary tab for the gateway.
10. For Gateway, choose the tape gateway you want to recover the virtual tape to. 11. Choose Create recovery tape. 12. Delete the failed tape gateway so you don't get charged. For instructions, see Deleting Your Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 281). API Version 2013-06-30...
For example, an error can occur when a disk is corrupted or removed from the gateway. The AWS Storage Gateway console displays a message about the error. In the error message, Storage Gateway prompts you to take one of two actions that can recover your tapes: •...
Troubleshooting Irrecoverable Tapes If your virtual tape fails unexpectedly, AWS Storage Gateway sets the status of the failed virtual tape to IRRECOVERABLE. The action you take depends on the circumstances. You can find information following on some issues you might find, and how to troubleshoot them.
Important AWS Storage Gateway doesn’t support recovering a gateway VM from a snapshot that is created by your hypervisor or from your Amazon EC2 AMI. If your gateway VM malfunctions, activate a new gateway and recover your data to that gateway using the instructions following.
Recovering Your Data from a Malfunctioning Gateway or VM If your gateway or virtual machine malfunctions, you can recover data that has been uploaded to AWS and stored on a volume in Amazon S3. For cached volumes gateways, you recover data from a recovery snapshot.
If you can repair the file system, you can then recover your data from the volumes on the file system, as described following: 1. Shut down your virtual machine and use the AWS Storage Gateway Management Console to create a recovery snapshot. This snapshot represents the most current data stored in AWS.
AWS Storage Gateway User Guide Recovering Your Data From An Inaccessible Data Center 10. Type /sbin/fsck to run this command manually from the prompt, to check and repair your file system. 11. When the file system check and repair is complete, reboot the instance. The grub settings will revert to the original values, and the gateway will boot up normally.
AWS Storage Gateway User Guide Recovering Your Data From An Inaccessible Data Center Mount your file share on your client and map it to the Amazon S3 bucket that contains the data that you want to recover. For more information, see Using Your File Share (p.
Additional AWS Storage Gateway Resources In this section, you can find information about AWS and third-party software, tools, and resources that can help you set up or manage your gateway, and also about AWS Storage Gateway limits. Topics • Host Setup (p. 343) •...
AWS Storage Gateway User Guide Configuring VMware for Storage Gateway Synchronizing VM Time with Host Time To successfully activate your gateway, you must ensure that your VM time is synchronized to the host time, and that the host time is correctly set. In this section, you first synchronize the time on the VM to the host time.
AWS Storage Gateway User Guide Configuring VMware for Storage Gateway It is important to make sure that your host clock is set to the correct time. If you have not configured your host clock, perform the following steps to set and synchronize it with an NTP server.
Choose OK to close the NTP Daemon (ntpd) Options dialog box. Choose OK to close the Time Configuration dialog box. Configuring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers In this task, you set the iSCSI controller so that the VM uses paravirtualization. Paravirtualization is a mode where the gateway VM works with the host operating system so the console can identify the virtual disks that you add to your VM.
For more information about VMware HA, see VMware HA: Concepts and Best Practices on the VMware website. To use AWS Storage Gateway with VMware HA, we recommend doing the following things: API Version 2013-06-30...
AWS Storage Gateway User Guide Synchronizing Your Gateway VM Time • Deploy the VMware ESX .ova downloadable package that contains the AWS Storage Gateway VM on only one host in a cluster. • When deploying the .ova package, select a data store that is not local to one host. Instead, use a data store that is accessible to all hosts in the cluster.
AWS Storage Gateway User Guide Volume or Tape Gateway on Amazon EC2 Host If the result indicates that you should synchronize your VM's time to the NTP time, enter y. Otherwise, enter n. If you enter y to synchronize, the synchronization might take a few moments.
On AWS Marketplace, choose Continue to Subscribe and choose Continue to Configuration on the next page. If this is your first time using a Storage Gateway AMI, accept the terms of service. On the Configure this Software page, choose a value for Fulfilment Option, Software Version, and Region, and then choose Continue to Launch.
To deploy a gateway on an Amazon EC2 instance On the Choose host platform page, choose Amazon EC2. Choose Launch instance to launch a storage gateway EC2 AMI. You are redirected to the EC2 community AMI page where you can choose an instance type.
AWS Storage Gateway User Guide File Gateway on EC2 Host On the Configure Instance Details page, choose the AWS Identity and Access Management (IAM) role that you want to use for your gateway. Choose Next: Add Storage. On the Add Storage page, choose Add New Volume to add storage to your file gateway instance.
15. Select your instance, take note of the public IP address in the Description tag and return to the Connect to gateway (p. 39) page on the Storage Gateway console to continue your gateway setup. The following shows the file gateway Amazon EC2 AMI names and AMI IDs.
AWS Storage Gateway User Guide Volume Gateway
Region          AMI Name                     AMI ID
us-west-1       aws-thinstaller-1560967323   ami-0831b9be25c2be35d
us-west-2       aws-thinstaller-1560967323   ami-0e5a18885401d9460
us-gov-west-1   aws-thinstaller-1560967323   ami-6d6c160c
Volume Gateway Topics • Removing Disks from Your Gateway (p. 354) • Adding and Removing Amazon EBS Volumes for Your Gateway Hosted on Amazon EC2 (p. 356) Removing Disks from Your Gateway Although we don’t recommend removing the underlying disks from your gateway, you might want to...
AWS Storage Gateway User Guide Removing Disks from Your Gateway Choose an option in the Removal Options panel, and then choose OK to complete the process of removing the disk. Removing a Disk from a Gateway Hosted on Microsoft Hyper-V Using the following procedure, you can remove a disk from your gateway hosted on a Microsoft Hyper-V hypervisor.
AWS Storage Gateway User Guide EBS Volumes for EC2 Gateways In the Hardware list of the Settings dialog box, select the disk to remove, and then choose Remove. The disks you add to a gateway appear under the SCSI Controller entry in the Hardware list. Verify that the Controller and Location value are the same value that you noted previously.
• Displaying Barcodes for Tapes in Microsoft System Center DPM (p. 360) For medium changers, AWS Storage Gateway works with the following: • AWS-Gateway-VTL – This device is provided with the gateway. • STK-L700 – This device emulation is provided with the gateway.
After your gateway is activated, you can choose to select a different medium changer type. Important If your tape gateway uses the Symantec Backup Exec 2014 or NetBackup 7.x backup software, you must select the AWS-Gateway-VTL device type. For more information on how to change the API Version 2013-06-30...
On the Discovered targets pane, choose the medium changer you want to change, choose Disconnect, and then choose OK. On the Storage Gateway console, choose Gateways from the navigation pane, and then choose the gateway whose medium changer you want to change.
If you use the media changer driver for Sony TSL-A500C Autoloader, Microsoft System Center Data Protection Manager doesn't automatically display barcodes for virtual tapes created in Storage Gateway. To display barcodes correctly for your tapes, change the media changer driver to Sun/StorageTek Library.
By default, AWS Storage Gateway searches for all virtual tapes. However, you can also filter your search by status. If you filter for status, tapes that match your criteria appear in the library in the AWS Storage Gateway console.
AWS Storage Gateway User Guide Getting Activation Key If you filter for gateway, tapes that are associated with that gateway appear in the library in the AWS Storage Gateway console. Note By default, AWS Storage Gateway displays all tapes regardless of status.
• Microsoft Windows PowerShell (p. 363) AWS CLI If you haven't already done so, you must install and configure the AWS CLI. To do this, follow these instructions in the AWS Command Line Interface User Guide: • Installing the AWS Command Line Interface •...
The client component of an iSCSI network. The initiator sends requests to the iSCSI target. Initiators can be implemented in software or hardware. AWS Storage Gateway only supports software initiators. iSCSI target The server component of the iSCSI network that receives and responds to requests from initiators.
To add and configure upload buffer or cache storage (p. 223). The following diagram highlights the iSCSI target in the larger picture of the AWS Storage Gateway architecture. For more information, see How AWS Storage Gateway Works (Architecture) (p. You can connect to your volume from either a Windows or Red Hat Linux client. You can optionally configure CHAP for either client type.
DNS name, and then choose OK. To get the IP address of your gateway, check the Gateway tab on the AWS Storage Gateway console. If you deployed your gateway on an Amazon EC2 instance, you can find the public IP or DNS address in the Description tab on the Amazon EC2 console.
AWS Storage Gateway User Guide Connecting to Your Volumes to a Windows Client The IP address now appears in the Target portals list on the Discovery tab. Connect the new target portal to the storage volume target on the gateway: Choose the Targets tab.
10). Note You connect only one application to each iSCSI target. The following diagram highlights the iSCSI target in the larger picture of the AWS Storage Gateway architecture. For more information on AWS Storage Gateway architecture, see Tape Gateways (p.
DNS name, and then choose OK. To get the IP address of your gateway, check the Gateway tab on the AWS Storage Gateway console. If you deployed your gateway on an Amazon EC2 instance, you can find the public IP or DNS address in the Description tab on the Amazon EC2 console.
AWS Storage Gateway User Guide Connecting to VTL Devices Select the first device and choose Connect. You connect the devices one at a time. In the Connect to Target dialog box, choose OK. Repeat steps 6 and 7 for each of the devices to connect all of them, and then choose OK in the iSCSI Initiator Properties dialog box.
AWS Storage Gateway User Guide Connecting to VTL Devices If Driver Provider is not Microsoft, set the value as follows: Choose Update Driver. In the Update Driver Software dialog box, choose Browse my computer for driver software. In the Update Driver Software dialog box, choose Let me pick from a list of device drivers on my computer.
AWS Storage Gateway User Guide Connecting Your Volumes or VTL Devices to a Linux Client Select LTO Tape drive and choose Next. Choose Close to close the Update Driver Software window, and verify that the Driver Provider value is now set to Microsoft.
[GATEWAY_IP] You can find the gateway IP in the iSCSI Target Info properties of a volume on the AWS Storage Gateway console. The output of the discovery command will look like the following example output.
AWS Storage Gateway User Guide Customizing iSCSI Settings
ls -l /dev/disk/by-path
The output of the command will look like the following example output.
lrwxrwxrwx. 1 root root 9 Apr 16 19:31 ip-[GATEWAY_IP]:3260-iscsi-iqn.1997-05.com.amazon:myvolume-lun-0 -> ../../sda
We highly recommend that after you set up your initiator you customize your iSCSI settings as discussed in Customizing Your Linux iSCSI Settings (p.
AWS Storage Gateway User Guide Customizing iSCSI Settings
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}
Find the subkey for the Microsoft iSCSI initiator, shown following as [<Instance Number]. The key is represented by a four-digit number, such as 0000.
HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\[<Instance Number]
Depending on what is installed on your computer, the Microsoft iSCSI initiator might not be the subkey 0000.
AWS Storage Gateway User Guide Customizing iSCSI Settings Navigate to the Disk subkey in the Services subkey of the CurrentControlSet, shown following. HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\Disk Open the context (right-click) menu for the TimeOutValue DWORD (32-bit) value, choose Modify, and then change the value to 600.
VTL device target. To set up CHAP, you must configure it both on the AWS Storage Gateway console and in the iSCSI initiator software that you use to connect to the target. Storage Gateway uses mutual CHAP, which is when the initiator authenticates the target and the target authenticates the initiator.
Linux client (p. 384). To configure CHAP for a volume target on the AWS Storage Gateway console In this procedure, you specify two secret keys that are used to read and write to a volume. These same keys are used in the procedure to configure the client initiator.
Choose the Details tab and confirm that iSCSI CHAP authentication is set to true. To configure CHAP for a VTL device target on the AWS Storage Gateway console In this procedure, you specify two secret keys that are used to read and write to a virtual tape. These same keys are used in the procedure to configure the client initiator.
The Initiator Name value is unique to your initiator and company. The name shown preceding is the value that you used in the Configure CHAP Authentication dialog box of the AWS Storage Gateway console. The name shown in the example image is for demonstration purposes only.
AWS Storage Gateway User Guide Configuring CHAP Authentication In this dialog box, you enter the secret that the initiator (the Windows client) uses to authenticate the target (the storage volume). This secret allows the target to read and write to the initiator.
AWS Storage Gateway User Guide Configuring CHAP Authentication If the target that you want to configure for CHAP is currently connected, disconnect the target by selecting it and choosing Disconnect. Select the target that you want to configure for CHAP, and then choose Connect.
AWS Storage Gateway User Guide Configuring CHAP Authentication In the Advanced Settings dialog box, configure CHAP. Select Enable CHAP log on. Type the secret that is required to authenticate the initiator. This secret is the same as the secret typed into the Secret used to Authenticate Initiator box in the Configure CHAP Authentication dialog box.
In this procedure, you configure CHAP in the Linux iSCSI initiator using the same keys that you used to configure CHAP for the volume on the AWS Storage Gateway console. Ensure that the iSCSI daemon is running and that you have already connected to a target. If you have not completed these two tasks, see Connecting to a Microsoft Windows Client (p.
AWS Storage Gateway User Guide Configuring CHAP Authentication The following command removes the configuration for the myvolume target.
sudo /sbin/iscsiadm --mode node --op delete --targetname iqn.1997-05.com.amazon:myvolume
Edit the iSCSI configuration file to enable CHAP. Get the name of the initiator (that is, the client you are using).
Storage Gateway endpoints. The public virtual interface bypasses internet service providers in your network path. The Storage Gateway service public endpoint can be in the same AWS Region as the AWS Direct Connect location, or it can be in a different AWS Region.
AWS Storage Gateway User Guide Port Requirements Volume Gateways and Tape Gateways The following illustration shows the ports to open for volume gateways' and tape gateways' operation. The following ports are common to all gateway types and are required by all gateway types.
AWS Storage Gateway User Guide Port Requirements
From: Storage Gateway VM
Protocol: Transmission Control Protocol (TCP)
Port: 443 (HTTPS)
How Used: communication from an AWS Storage Gateway VM to an AWS service endpoint. For information about service endpoints, Allowing AWS Storage...
AWS Storage Gateway User Guide Port Requirements
your gateway’s port 80.
From: Storage Gateway VM
To: Domain Name Service (DNS) server
Protocol: User Datagram Protocol (UDP)/UDP
Port: 53 (DNS)
How Used: communication between a Storage Gateway VM and the DNS server.
AWS Storage Gateway User Guide Port Requirements RuleNetwork File Share Protocol Port Inbound Outbound Required? Notes Element Type ✓ ✓ ✓ File share client TCP/UDP File sharing data Data transfer (for NFS only) 2049 ✓ ✓ ✓ ...
• EC2 host: Getting an IP Address from an Amazon EC2 Host (p. 391) When you locate the IP address, take note of it. Then return to the AWS Storage Gateway console and type the IP address into the console.
Choose the Description tab at the bottom, and then note the Elastic IP value. You use this elastic IP address to connect to the gateway. Return to the AWS Storage Gateway console and type in the elastic IP address.
Amazon EC2 API, Amazon EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-1122AABB. When you use this ID with the EC2 API, you must change it to vol-1122aabb.
• Valid characters for the key property are UTF-8 letters and numbers, space, and special characters + - = . _ : / and @. Working with Tags You can work with tags by using the Storage Gateway console, the Storage Gateway API, or the Storage Gateway Command Line Interface (CLI).
In this section, you can find information about third party tools and licenses that we depend on to deliver AWS Storage Gateway functionality. The source code for certain open-source software components that are included with the AWS Storage Gateway software is available for download at the following locations: •...
Note If you create a snapshot from a cached volume that is more than 16 TiB in size, you can restore it to a Storage Gateway volume but not to an Amazon Elastic Block Store (Amazon EBS) volume. Maximum number of volumes per...
Using Storage Classes AWS Storage Gateway supports the Amazon S3 Standard, Amazon S3 Standard-Infrequent Access, Amazon S3 One Zone-Infrequent Access and Glacier storage classes. For more information about storage...
AWS Storage Gateway User Guide Using GLACIER Storage Class With File Gateway Using GLACIER Storage Class With File Gateway If you transition a file to Glacier through Amazon S3 Lifecycle Policies and the file is visible to your file share clients through the cache, you get IO errors when you update the file. We recommend that you set up CloudWatch Events to receive notification when these IO errors occur and use the notification...
API Reference for AWS Storage Gateway In addition to using the console, you can use the AWS Storage Gateway API to programmatically configure and manage your gateways. This section describes the AWS Storage Gateway operations, request signing for authentication and the error handling. For information about the regions and...
API Reference for AWS Storage Gateway (p. 399). Signing Requests AWS Storage Gateway requires that you authenticate every request you send by signing the request. To sign a request, you calculate a digital signature using a cryptographic hash function. A cryptographic API Version 2013-06-30...
Task 1: Create a Canonical Request Rearrange your HTTP request into a canonical format. Using a canonical form is necessary because AWS Storage Gateway uses the same canonical form when it recalculates a signature to compare with the one you sent.
The last line of the canonical request is the hash of the request body. Also, note the empty third line in the canonical request. This is because there are no query parameters for this API (or any AWS Storage Gateway APIs).
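The canonical request described above, carried through to a Signature Version 4 signature, as an added example that is not code from the guide. The region, endpoint host, ListGateways target header, content type and credentials are assumptions chosen for illustration; verify_request mirrors the service-side recalculation whose failure produces InvalidSignatureException.

```python
import hashlib
import hmac

# Assumed request values (not from the guide): region, endpoint host and the
# ListGateways target header for the 2013-06-30 API version.
REGION = "us-east-1"
SERVICE = "storagegateway"
HOST = "storagegateway.us-east-1.amazonaws.com"
TARGET = "StorageGateway_20130630.ListGateways"
# Constructed placeholder credentials; never hard-code real keys.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(body: bytes, amz_date: str):
    """Task 1: return (canonical request text, signed header list)."""
    headers = {
        "content-type": "application/x-amz-json-1.1",
        "host": HOST,
        "x-amz-date": amz_date,
        "x-amz-target": TARGET,
    }
    names = sorted(headers)  # header names lowercase, sorted
    canonical_headers = "".join(f"{n}:{headers[n]}\n" for n in names)
    signed_headers = ";".join(names)
    request = "\n".join([
        "POST",             # HTTP method
        "/",                # canonical URI
        "",                 # canonical query string: empty third line
        canonical_headers,  # ends with "\n", so a blank line follows it
        signed_headers,
        sha256_hex(body),   # last line: hash of the request body
    ])
    return request, signed_headers


def credential_scope(amz_date: str) -> str:
    return f"{amz_date[:8]}/{REGION}/{SERVICE}/aws4_request"


def string_to_sign(creq: str, amz_date: str) -> str:
    return "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        credential_scope(amz_date),
        sha256_hex(creq.encode("utf-8")),
    ])


def signing_key(secret: str, date: str) -> bytes:
    """Derive the per-day, per-region, per-service signing key."""
    key = _hmac(("AWS4" + secret).encode("utf-8"), date)
    key = _hmac(key, REGION)
    key = _hmac(key, SERVICE)
    return _hmac(key, "aws4_request")


def sign_request(body: bytes, amz_date: str, secret: str = SECRET_KEY) -> str:
    creq, _ = canonical_request(body, amz_date)
    key = signing_key(secret, amz_date[:8])
    return _hmac(key, string_to_sign(creq, amz_date)).hex()


def authorization_header(body: bytes, amz_date: str) -> str:
    _, signed = canonical_request(body, amz_date)
    return (
        f"AWS4-HMAC-SHA256 Credential={ACCESS_KEY}/{credential_scope(amz_date)}, "
        f"SignedHeaders={signed}, Signature={sign_request(body, amz_date)}"
    )


def verify_request(body: bytes, amz_date: str, presented: str,
                   secret: str = SECRET_KEY) -> bool:
    """Recalculate the signature over the same canonical form and compare
    in constant time, as a receiver would."""
    return hmac.compare_digest(sign_request(body, amz_date, secret), presented)


if __name__ == "__main__":
    date = "20190620T120000Z"  # constructed timestamp
    print(canonical_request(b"{}", date)[0])
    print(authorization_header(b"{}", date))
```

Any byte changed in the body or a signed header after signing alters the canonical request hash, so the recalculated signature no longer matches the one sent.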
AWS Storage Gateway User Guide Exceptions Depending on the type of error, AWS Storage Gateway may return only an exception, or it may return both an exception and an operation error code. Examples of error responses are shown in the Error Responses (p.
Operation Error Codes The following table shows the mapping between AWS Storage Gateway operation error codes and APIs that can return the codes. All operation error codes are returned with one of two general exceptions—InternalServerError and InvalidGatewayRequestException—described in Exceptions (p.
AWS Storage Gateway User Guide Operation Error Codes
AddWorkingStorage CreateStorediSCSIVolume
Operation Error Code: DiskSizeNotGigAligned. Message: The specified disk is not gigabyte-aligned. Operations That Return this Error Code: CreateStorediSCSIVolume
Operation Error Code: DiskSizeGreaterThanVolumeMaxSize. Message: The specified disk size is greater than the maximum volume size. Operations That Return this Error Code: CreateStorediSCSIVolume
AWS Storage Gateway User Guide Operation Error Codes
UpdateGatewayInformation UpdateGatewaySoftwareNow UpdateSnapshotSchedule
Operation Error Code: LocalStorageLimitExceeded. Message: The local storage limit was exceeded. Operations That Return this Error Code: AddCache, AddUploadBuffer, AddWorkingStorage
Operation Error Code: LunInvalid. Message: The specified LUN is invalid. Operations That Return this Error Code: CreateStorediSCSIVolume
The maximum volume...
AWS Storage Gateway User Guide Operation Error Codes
Operation Error Code: NotSupported. Message: The specified operation is not supported. Operations That Return this Error Code: ActivateGateway, AddCache, AddUploadBuffer, AddWorkingStorage, CreateCachediSCSIVolume, CreateSnapshot, CreateSnapshotFromVolumeRecoveryPoint, CreateStorediSCSIVolume, DeleteBandwidthRateLimit, DeleteChapCredentials, DeleteGateway, DeleteVolume, DescribeBandwidthRateLimit, DescribeCache, DescribeCachediSCSIVolumes...
AWS Storage Gateway User Guide Operation Error Codes
UpdateGatewayInformation UpdateGatewaySoftwareNow UpdateSnapshotSchedule
Operation Error Code: OutdatedGateway. Message: The specified gateway is out of date. Operations That Return this Error Code: ActivateGateway
Operation Error Code: SnapshotInProgressException. Message: The specified snapshot is in progress. Operations That Return this Error Code: DeleteVolume
The specified snapshot is...
AWS Storage Gateway User Guide Error Responses
Operation Error Code: UnsupportedOperationForGatewayType. Message: The specified operation is not valid for the type of the gateway. Operations That Return this Error Code: AddCache, AddWorkingStorage, CreateCachediSCSIVolume, CreateSnapshotFromVolumeRecoveryPoint, CreateStorediSCSIVolume, DeleteSnapshotSchedule, DescribeCache, DescribeCachediSCSIVolumes, DescribeStorediSCSIVolumes, DescribeUploadBuffer...
ARN request input that does not exist.
{ "__type": "InvalidGatewayRequestException", "message": "The specified volume was not found.", "error": { "errorCode": "VolumeNotFound" } }
The following JSON body is returned if AWS Storage Gateway calculates a signature that does not match the signature sent with a request.
{ "__type": "InvalidSignatureException", "message": "The request signature we calculated does not match the signature you provided." }
Operations in AWS Storage Gateway For a list of AWS Storage Gateway operations, see Actions in the AWS Storage Gateway API Reference.
• Latest documentation update: June 20, 2019 The following table describes important changes in each release of the AWS Storage Gateway User Guide after April 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.
Integration with AWS Backup (p. 419): AWS Storage Gateway integrates with AWS Backup. You can now use AWS Backup to back up on-premises business applications that use Storage Gateway volumes for cloud-backed storage. For more information, Backing Up Your Volumes. Date changed: January 16, 2019
DEEP_ARCHIVE). For more information, see Testing Your Setup by Using NovaStor DataCenter/Network. Earlier Updates The following table describes important changes in each release of the AWS Storage Gateway User Guide before May 2018. Change Description Date Changed Support for S3 One For file gateways, you can now choose S3 One Zone_IA...
(GLACIER or DEEP_ARCHIVE). For more information, see Testing Your Setup by Using Dell EMC NetWorker (p. 95).
New Region: AWS Storage Gateway is now available in the EU (Paris) Region. For detailed information, see Regions (p. 10). Date changed: December 18, 2017
Support for file File gateways now enable you to get notification...
(VTL). For more information, see Viewing Tape Usage (p. 181).
New Region: AWS Storage Gateway is now available in the Asia Pacific (Mumbai) Region. For detailed information, see Regions (p. 10). Date changed: May 02, 2017
Glacier. For more information, see Testing Your Setup by Using Micro Focus (HPE) Data Protector (p. 99).
New Region: AWS Storage Gateway is now available in the US East (Ohio) Region. For detailed information, see Regions (p. 10). Date changed: October 17, 2016
AWS Storage Gateway console Limits (p. 395). You can now set the password for your VM local console on the AWS Storage Gateway Console. For information, Setting the Local Console Password from the Storage Gateway Console (p. 253).. Compatibility Tape gateway is now compatible with Dell EMC...
Configuring hypervisor Network Adapters for Your Gateway (p. 264). Performance The maximum upload rate for AWS Storage Gateway enhancements has increased to 120 MB a second, and the maximum download rate has increased to 20 MB a second. Miscellaneous enhancements and...
10). This release includes the following AWS Storage Gateway improvements and updates: • From the AWS Storage Gateway console, you can now see the date and time the last successful software update was applied to your gateway. For more information, see Managing Gateway Updates Using the AWS Storage Gateway Console (p.
AWS CloudTrail to CloudTrail. AWS CloudTrail captures API calls made by or capture API calls on behalf of AWS Storage Gateway in your AWS account and delivers the log files to an Amazon S3 bucket that you specify. For more information, see Logging Storage Gateway API Calls with AWS CloudTrail (p.
Clustering (WSFC). However, you can't connect multiple Support for VMware hosts to that same volume without using WSFC. ESX initiator • AWS Storage Gateway now enables you to manage storage connectivity directly through your ESX host. Support for This provides an alternative to using initiators resident performing in the guest OS of your VMs.
• To get started with tape gateway, see Creating a Tape Gateway (p. 75).
Support for Microsoft Hyper-V: AWS Storage Gateway now provides the ability to deploy an on-premises gateway on the Microsoft Hyper-V virtualization platform. Gateways deployed on Microsoft Hyper-V have all the same functionality and features as the existing on-premises storage gateway. Date changed: April 10, 2013
You can also try a test setup. For instructions, see Creating a Tape Gateway (p. 75).
API and IAM support: In this release, AWS Storage Gateway introduces API support as well as support for AWS Identity and Access Management (IAM). Date changed: May 9, 2012