AWS Storage Gateway User Manual

Table of Contents

Quick Links

Download this manual

AWS Storage Gateway

User Guide

API Version 2013-06-30

Table of Contents

Troubleshooting

Need help?

Do you have a question about the Storage Gateway and is the answer not in the manual?

Questions and answers

Summary of Contents for AWS Storage Gateway

Page 1 AWS Storage Gateway User Guide API Version 2013-06-30...
Page 2 AWS Storage Gateway User Guide AWS Storage Gateway: User Guide...
Page 3: Table Of Contents
AWS Storage Gateway User Guide Table of Contents What Is AWS Storage Gateway? ......................1 Are You a First-Time AWS Storage Gateway User? ................2 How AWS Storage Gateway Works ....................2 File Gateways ........................3 Volume Gateways ....................... 3 Tape Gateways ........................
Page 4 Using Amazon CloudWatch Metrics ................... 213 Measuring Performance Between Your Tape Gateway and AWS ..........213 Logging Storage Gateway API Calls with AWS CloudTrail ............. 215 Storage Gateway Information in CloudTrail ................ 216 Understanding Storage Gateway Log File Entries ..............216 Maintaining Your Gateway .......................
Page 5 Conﬁguring Network Adapters for Your Gateway ..............275 Deleting Your Gateway and Removing Resources ................ 281 Deleting Your Gateway by Using the AWS Storage Gateway Console ........282 Removing Resources from a Gateway Deployed On-Premises ..........282 Removing Resources from a Gateway Deployed on an Amazon EC2 Instance ......284 Performance ..........................
Page 6 Recovering Your Data From An Inaccessible Data Center ............341 Additional Resources ........................343 Host Setup ..........................343 Conﬁguring VMware for Storage Gateway ................. 343 Synchronizing Your Gateway VM Time ................348 Volume or Tape Gateway on Amazon EC2 Host ..............349 File Gateway on EC2 Host ....................
Page 7 AWS Storage Gateway User Guide Conﬁguring CHAP Authentication ..................377 Using AWS Direct Connect with Storage Gateway ............... 386 Port Requirements ........................386 Connecting to Your Gateway ....................391 Getting an IP Address from an Amazon EC2 Host ............... 391 Understanding Resources and Resource IDs ................
Page 8: What Is Aws Storage Gateway
AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure. You can use the service to store data in the AWS Cloud for scalable and cost- eﬀective storage that helps maintain data security.
Page 9: Are You A First-Time Aws Storage Gateway User
You can run AWS Storage Gateway either on-premises as a VM appliance, as a hardware appliance, or in AWS as an Amazon Elastic Compute Cloud (Amazon EC2) instance. You deploy your gateway on an EC2 instance to provision iSCSI storage volumes in AWS.
Page 10: File Gateways
CloudWatch metrics provide insight into resource use on the VM and data transfer to and from AWS. CloudTrail tracks all API calls. With ﬁle gateway storage, you can do such tasks as ingesting cloud workloads to S3, performing backup and archive, tiering and migrating storage data to the AWS Cloud.
Page 11 Amazon S3. The following diagram provides an overview of the cached volumes deployment. After you install the Storage Gateway software appliance—the VM—on a host in your data center and activate it, you use the AWS Management Console to provision storage volumes backed by Amazon S3.
Page 12 The following diagram provides an overview of the stored volumes deployment. After you install the AWS Storage Gateway software appliance—the VM—on a host in your data center and activated it, you can create gateway storage volumes. You then map them to on-premises direct- attached storage (DAS) or storage area network (SAN) disks.
Page 13: Tape Gateways
Storage Gateway console or programmatically by using the Storage Gateway API. Each gateway can contain up to 1500 tapes or up to 1 PiB of total tape data at a time. The size of each virtual tape, which you can conﬁgure when you create the tape, is between 100 GiB and 2.5 TiB.
Page 14 • Retrieving tapes – You can't read archived tapes directly. To read an archived tape, you must ﬁrst retrieve it to your tape gateway either by using the Storage Gateway console or by using the Storage Gateway API. When you retrieve a tape that is archived in GLACIER, it becomes available in your VTL in about three to ﬁve hours after you start retrieval.
Page 15: Pricing
For an architectural overview, see Tape Gateways (p. 2. Hosting option – You can run Storage Gateway either on-premises as a VM appliance, or as hardware appliance or in AWS as an Amazon EC2 instance. For more information, see Requirements (p.
Page 16 AWS Storage Gateway User Guide Plan Your Gateway Deployment the gateway behind a ﬁrewall, make sure that ports are accessible to the gateway VM. For more information, see Requirements (p. 10). 2. For a tape gateway, you have installed client backup software. For more information, see Supported Third-Party Backup Applications for a Tape Gateway (p.
Page 17: Getting Started
In this section, you can ﬁnd instructions about how to get started with AWS Storage Gateway. To get started, you ﬁrst sign up for AWS. If you are a ﬁrst-time user, we recommend that you read the regions and requirements section.
Page 18: Hardware And Storage Requirements
S3 can be lost. Before you stop the instance that hosts the gateway make sure the CachePercentDirty CloudWatch metric is 0. For more information about monitoring metrics for your storage gateway, see storage gateway metrics dimensions.
Page 19: Network And Firewall Requirements
AWS Storage Gateway User Guide Network and Firewall Requirements If you have more than 5 million objects in your Amazon S3 bucket and you are using a General Purposes SSD volume, a minimum root EBS volume of 350 GiB is needed for acceptable performance of your gateway during start up.
Page 20 In these cases, your gateway might experience service connectivity issues when the AWS IP range values changes. The AWS IP address range values that you need to use are in the Amazon service subset for the AWS Region that you activate your gateway in. For the current IP...
Page 21 AWS Storage Gateway User Guide Network and Firewall Requirements Protocol Port Direction Source Destination How Used Gateway appliance. AWS Storage Gateway does not require port 80 to be publicly accessible. The required level of access to port 80 depends on your network conﬁguration.
Page 22 AWS-managed Microsoft Active Directory in the AWS Cloud. For most AWS-managed Active Directory deployments, you need to conﬁgure the Dynamic Host Conﬁguration Protocol (DHCP) service for your VPC. For more information about how to create a DHCP options set, see here.
Page 23 AWS Storage Gateway User Guide Network and Firewall Requirements Protocol Port Direction Source Destination How Used TCP/UDP 2049 (NFS) Inbound NFS Clients Storage For local Gateway systems to connect to NFS shares that your gateway exposes. TCP/UDP 111 (NFSv3) Inbound...
Page 24 Networking and Firewall Requirements for the AWS Storage Gateway Hardware Appliance Each AWS Storage Gateway Hardware Appliance requires the following network services: • Internet access – an always-on network connection to the internet through any network interface on the server.
Page 25 AWS Storage Gateway User Guide Network and Firewall Requirements You can use the iDRAC port for remote server management. A hardware appliance requires the following ports to operate. Protocol Port Direction Source Destination How Used Outbound Hardware Support 54.201.223.107 appliance...
Page 26 Allowing AWS Storage Gateway Access Through Firewalls and Routers Your gateway requires access to the following endpoints to communicate with AWS. If you use a ﬁrewall or router to ﬁlter or limit network traﬃc, you must conﬁgure your ﬁrewall and router to allow these service endpoints for outbound communication to AWS.
Page 27: Supported Hypervisors And Host Requirements
For example, if you create a gateway in the US West (Oregon) region, the endpoint looks like this: storagegateway.us-west-2.amazonaws.com:443. • Storage Gateway—For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Page 28: Supported Nfs Clients For A File Gateway
Supported File System Operations for a File Gateway Your NFS or SMB client can write, read, delete, and truncate ﬁles. When clients send writes to AWS Storage Gateway, it writes to local Cache synchronously. Then it writes to Amazon S3 asynchronously...
Page 29: Supported Iscsi Initiators
10 tape drives. These tape drives and the media changer are available to your existing client backup applications as iSCSI devices. To connect to these iSCSI devices, AWS Storage Gateway supports the following iSCSI initiators: • Windows Server 2012 and Windows Server 2012 R2 •...
Page 30: Accessing Aws Storage Gateway
API Reference for AWS Storage Gateway (p. 399). You can also use the AWS SDKs to develop applications that interact with AWS Storage Gateway. The AWS SDKs for Java, .NET, and PHP wrap the underlying AWS Storage Gateway API to simplify your programming tasks.
Page 31: Using The Hardware Appliance
Hardware Appliance from the Hardware page on the AWS Management Console. When you create new gateway in the AWS Storage Gateway console, you have the option to run the gateway appliance on virtual platforms. AWS Storage Gateway supports VMware ESXi, Microsoft Hyper- V, and Amazon EC2 as hosts.
Page 32: Setting Up Your Hardware Appliance
You can increase the usable storage on the hardware appliance from 5 TB to 12 TB. This provides a larger cache for low latency access to data in AWS. To increase the usable storage to 12 TB, you can buy ﬁve 1.92 TB SSDs (solid state drives), which is available on the Amazon Website, and add them to the...
Page 33 After the server boots up, the hardware console appears on the monitor. The hardware console presents a user interface speciﬁc to AWS that you can use to conﬁgure initial network parameters. You conﬁgure these parameters to connect the appliance to AWS and open up a support channel for troubleshooting by AWS Support.
Page 34: Conﬁgure Network Parameters
AWS Storage Gateway User Guide Conﬁgure Network Parameters For Conﬁrm, re-enter your password, and then choose Save Password. At this point, you are in the hardware console, shown following. Next Step Conﬁgure Network Parameters (p. 27) Conﬁgure Network Parameters After the server boots up, you can enter your ﬁrst password in the hardware console as described in Rack-Mount Your Hardware Appliance and Connect It to Power (p.
Page 35 AWS Storage Gateway User Guide Conﬁgure Network Parameters To set a network address Choose Conﬁgure Network and press the Enter key. The Conﬁgure Network screen shown following appears. For IP Address, enter a valid IPv4 address from one of the following sources: •...
Page 36: Activate Your Hardware Appliance
AWS account. AWS Storage Gateway Hardware Appliance is only available in the US and Europe. You can choose to activate your hardware appliance in any of the supported AWS Regions. For the supported AWS Regions, AWS Storage Gateway Hardware Appliance Regions in the AWS General Reference.
Page 37 AWS Storage Gateway User Guide Activate Your Hardware Appliance If this is your ﬁrst gateway in an AWS Region, you see the splash screen shown following. After you create a gateway in this AWS Region, this screen no longer displays.
Page 38 AWS Storage Gateway User Guide Activate Your Hardware Appliance For IP Address, enter the IPv4 address of your appliance, and then choose Connect to Hardware to go to the Activate Hardware screen shown following. For Hardware name, enter a name for your appliance. Names can be up to 255 characters long and can't include a slash character.
Page 39: Launching A Gateway
Choose Launch gateway. The Storage Gateway software for your chosen gateway type installs on the appliance. It can take up to 5–10 minutes for a gateway to show up as online in the console. To assign a static IP address to your installed gateway, you next conﬁgure the gateway's network interfaces so your applications can use it.
Page 40: Conﬁguring An Ip Address For The Gateway
Set Local Password dialog box. (Optional) Conﬁgure your proxy settings. See the section called “Setting the Local Console Password from the Storage Gateway Console” (p. 253) for instructions. Navigate to the Network Settings page of the gateway local console as shown following.
Page 41: Conﬁguring Your Gateway
After you activate your Hardware Appliance in your AWS account, you might have a need to move and activate it in a diﬀerent AWS account. In this case, you ﬁrst delete the appliance from the AWS account and activate it in another AWS account. You might also want to delete the appliance completely from your AWS account because you no longer need it.
Page 42 AWS Storage Gateway User Guide Deleting Your Hardware Appliance When you delete the hardware appliance, all the resources associated with the gateway that is installed on the appliance are delete also, but the data on the hardware appliance itself is not deleted.
Page 43: Creating Your Gateway
AWS Storage Gateway Management Console and choose the AWS Region that you want to create your gateway in. If you haven't created a gateway in this AWS Region, the Storage Gateway service homepage is displayed. Choose Get started to open the Create gateway page. On this page, you choose a gateway type. If you have a gateway in the current AWS Region, the console shows your gateway in the console.
Page 44 If you have previously created a gateway in this AWS Region, the console shows your gateway. Otherwise, the service homepage appears. If you haven't created a gateway in the AWS Region that you chose, choose Get started. If you already have a gateway in the AWS Region that you chose, choose Gateways from the navigation pane, and then choose Create gateway.
Page 45 If you don't use ﬁxed-size provisioning, the storage is allocated on demand. On-demand allocation can aﬀect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in ﬁxed- size provisioned format.
Page 46 351). Choosing a Service Endpoint You can activate your gateway using a public endpoint and have your gateway communicate with AWS storage services over the public Internet or activate it using a private VPC endpoint. If you use a VPC endpoint, all communication from your gateway to AWS services occurs through the VPC endpoint in your VPC in AWS.
Page 47 For detailed information about how to get a gateway IP address, see Connecting to Your Gateway (p. 391). Activating Your Gateway To activate your gateway The gateway type, endpoint type, and AWS Region you selected are shown on the activation page. API Version 2013-06-30...
Page 48 The following screenshot shows the activation page for a ﬁle gateway. AWS Region speciﬁes the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be same as the Region where your VPC Endpoint is located.
Page 49: Creating A File Share
AWS Storage Gateway User Guide Creating a File Share Choose Cache for the disk you want to conﬁgure as cache storage. If you don't see your disks, choose Refresh. Choose Save and continue to save your conﬁguration settings. Next Step Creating a File Share (p.
Page 50 To create a ﬁle share, a ﬁle gateway requires you to activate AWS Security Token Service (AWS STS). Make sure that AWS STS is activated in the AWS Region that you are creating your ﬁle gateway in. If AWS STS is not activated in that AWS Region, activate it. For information about...
Page 51 Requester Pays Buckets. For Access to your bucket, choose the AWS Identity and Access Management (IAM) role that you want your gateway to use to access your Amazon S3 bucket. This role allows the gateway to access your S3 bucket. A ﬁle gateway can create a new IAM role and access policy on your behalf. Or, if you have an IAM role that you want to use, you can specify it in the IAM role box and set up the access policy manually.
Page 52 Port Requirements (p. 386). To create an SMB ﬁle share Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the ﬁle gateway that you want to join to a domain.
Page 53 To conﬁgure your SMB ﬁle share for Microsoft Active Directory access Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the ﬁle gateway that you want to join to a domain.
Page 54 NetBios names, or hostnames of your domain server. To conﬁgure your SMB ﬁle share for guest access Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the ﬁle gateway that you want to use for your guest ﬁle share.
Page 55 Make sure that you deﬁne the SMB ﬁle share settings for your ﬁle gateway before performing the following steps. To create an SMB ﬁle share Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. On the navigation pane, choose Shares, choose the ﬁle gateway that you want to use, and then choose Create ﬁle share.
Page 56 AWS Storage Gateway User Guide Creating a File Share On the Conﬁgure ﬁle share settings page, for Amazon S3 bucket name, provide a name for an existing Amazon S3 bucket. You use this bucket for your gateway to store ﬁles in and retrieve For Access Objects using, choose Server Message Block (SMB).
Page 57 Requester Pays Buckets. For Access to your bucket, choose the AWS Identity and Access Management (IAM) role that you want your gateway to use to access your Amazon S3 bucket. This role allows the gateway to access your S3 bucket. A ﬁle gateway can create a new IAM role and access policy on your behalf. Or, if you have an IAM role you want to use, you can specify it in the IAM role box and set up the access policy manually.
Page 58: Using Your File Share
Gateway (p. 21). You can ﬁnd example commands to mount your ﬁle share on the AWS Management Console. In following sections, you can ﬁnd details on how to mount your ﬁle share on your client, use your share, test your ﬁle gateway, and clean up resources as needed.
Page 59 AWS Storage Gateway User Guide Using Your File Share mount –o nolock -o mtype=hard [Your gateway VM IP address]:/[S3 bucket name] [Drive letter on your windows client] For example, suppose that on a Windows client your VM's IP address is 123.123.1.2 and your Amazon S3 bucket name is test-bucket.
Page 60 AWS Storage Gateway User Guide Using Your File Share If you are a guest user, make sure that you have the guest user account password before attempting to mount the ﬁle share. To mount your SMB ﬁle share for Microsoft AD users using the net use command Make sure that you have access to the SMB ﬁle share before mounting the ﬁle share to your local...
Page 61 You can edit ﬁle share settings, edit allowed and denied users and groups, and change the guest access password from the Storage Gateway Management Console. You can also refresh the data in the ﬁle share's cache and delete a ﬁle share from the console.
Page 62 On the Amazon S3 Management Console, navigate to your mapped bucket. You should see the ﬁles and folders that you copied in the Amazon S3 bucket that you speciﬁed. You can see the ﬁle share that you created in the File shares tab in the AWS Storage Gateway Management Console.
Page 63: Creating A Volume Gateway
• To troubleshoot gateway problems, see Troubleshooting Your Gateway (p. 316). • To learn about Storage Gateway metrics and how you can monitor how your gateway performs, see Monitoring Your Gateway and Resources (p. 185). Cleaning Up Resources You Don't Need If you created your gateway as an example exercise or a test, consider cleaning up to avoid incurring unexpected or unnecessary charges.
Page 64: Creating A Gateway
Otherwise, the service homepage appears. If you haven't created a gateway in the AWS Region you selected, choose Get started. If you already have a gateway in the AWS Region you chose, choose Gateways from the navigation pane, and then choose Create gateway.
Page 65 In contrast, thin provisioning allocates storage on demand. On-demand allocation can aﬀect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick- provisioned format.
Page 66 If you don't use ﬁxed-size provisioning, the storage is allocated on demand. On-demand allocation can aﬀect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in ﬁxed- size provisioned format.
Page 67 IP address from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address from the Amazon EC2 console. The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.
Page 68 The following screenshot shows the activation page for a volume gateway. AWS Region speciﬁes the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be same as the Region where your VPC Endpoint is located.
Page 69 AWS Storage Gateway User Guide Creating a Gateway If activation fails, check that the IP address you entered is correct. If the IP address is correct, conﬁrm that your network is conﬁgured to let your browser access the gateway VM. For other possible solutions, Troubleshooting Your Gateway (p.
Page 70: Creating A Volume
You can use AWS Key Management Service (AWS KMS) to encrypt data written to a cached volume that is stored in Amazon S3. Currently, you can do this by using the AWS Storage Gateway API Reference. For more information, see...
Page 71 AWS Storage Gateway User Guide Creating a Volume If you have deﬁned your gateway to use multiple network adapters, choose the IP address that your storage applications should use to access your volume. For information about conﬁguring multiple network adapters, see Conﬁguring Your Gateway for Multiple NICs (p.
Page 72: Using Your Volume
Important With AWS Storage Gateway, you can connect multiple hosts to the same volume if the hosts coordinate access by using Windows Server Failover Clustering (WSFC). You can't connect multiple hosts to the same volume without using WSFC, for example by sharing a nonclustered NTFS/ext4 ﬁle system.
Page 73 AWS Storage Gateway User Guide Using Your Volume You can use the following command to install the package. sudo yum install iscsi-initiator-utils Make sure that the iSCSI daemon is running. For RHEL 5 or 6, use the following command. sudo /etc/init.d/iscsi status For RHEL 7, use the following command.
Page 74 AWS Storage Gateway User Guide Using Your Volume Initializing and Formatting Your Volume on Microsoft Windows Use the following procedure to initialize and format your volume on Windows. To initialize and format your storage volume Start diskmgmt.msc to open the Disk Management console.
Page 75 You verify the setup for a gateway by taking a snapshot backup of your volume and storing the snapshot in AWS. You then restore the snapshot to a new volume. Your gateway copies the data from the speciﬁed snapshot in AWS to the new volume.
Page 76 AWS Storage Gateway User Guide Using Your Volume This gateway should have only one storage volume. Choose the volume displays its properties. For Actions, choose Create Snapshot to create a snapshot of the volume. Depending on the amount of data on the disk and the upload bandwidth, it might take a few seconds to complete the snapshot.
Page 77 • To optimize your gateway, see Optimizing Gateway Performance (p. 287). • To learn about Storage Gateway metrics and how you can monitor how your gateway performs, see Monitoring Your Gateway and Resources (p. 185)). • To learn more about conﬁguring your gateway's iSCSI targets to store data, see Connecting to Your Volumes to a Windows Client (p.
Page 78: Backing Up Your Volumes
You can use the Storage Gateway Management Console to back up your volumes by taking Amazon EBS snapshots and storing the snapshots in AWS. You can either take an ad hoc (one-time) snapshot or set up a snapshot schedule that is managed by Storage Gateway. You can later restore the snapshot to a new volume by using the Storage Gateway console.
Page 79 Amazon EC2 instances. Beneﬁts of Using AWS Backup to Back Up Storage Gateway Volumes The beneﬁts of using AWS Backup to back up Storage Gateway volumes are that you can meet compliance requirements, avoid operational burden, and centralize backup management. AWS Backup enables you to do the following: •...
Page 80 If you want to create an on-demand backup of the Storage Gateway volume, choose Create on- demand backup with AWS Backup. You are directed the AWS Backup console. If you want to create a new AWS Backup plan, choose Create AWS backup plan. You are directed to the AWS Backup console.
Page 81 AWS Storage Gateway User Guide Backing Up Your Volumes On the AWS Backup console, you can create a backup plan, assign a Storage Gateway volume to the backup plan, and create a backup. You can also do ongoing backup management tasks.
Page 82: Creating A Tape Gateway
Choose Restore resource to restore your volume. Note You can't use the Amazon EBS console to delete a snapshot that is created by AWS Backup. Creating a Tape Gateway In this section, you can ﬁnd instructions about how to create and use a tape gateway.
Page 83 AWS Storage Gateway User Guide Creating a Gateway If you haven't created a gateway in the AWS Region you selected, choose Get started. If you already have a gateway in the AWS Region you selected, choose Gateways from the navigation pane, and then choose Create gateway.
Page 84 If you don't use ﬁxed-size provisioning, the storage is allocated on demand. On-demand allocation can aﬀect the functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in ﬁxed- size provisioned format.
Page 85 To make your gateway access AWS services over the public Internet, choose Public. To make your gateway access AWS services through the VPC endpoint in your VPC, choose VPC. This walkthorough assumes that you are activating your gateway with a public endpoint. For...
Page 86 323). To conﬁgure your gateway settings The gateway type, endpoint type, and AWS Region you selected are shown on the activation page. Type the information listed on the activation page to conﬁgure your gateway settings and complete the activation process.
Page 87 • AWS Region speciﬁes the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be same as the Region where your VPC Endpoint is located.
Page 88 • Tape drive type speciﬁes the type of tape drive used by this gateway. Choose Activate gateway. When the gateway is successfully activated, the AWS Storage Gateway console displays the Conﬁgure local storage page. If activation is not successful, see Troubleshooting Your Gateway (p.
Page 89: Creating Tapes
You can use AWS Key Management Service (AWS KMS) to encrypt data written to a virtual tape that is stored in Amazon S3. Currently, you can do this by using the AWS Storage Gateway API Reference. For more information, see CreateTapes or create-tapes.
Page 90: Using Your Tape Gateway
AWS Storage Gateway User Guide Using Your Tape Gateway Note Virtual tapes are uniquely identiﬁed by a barcode. You can add a preﬁx to the barcode. The preﬁx is optional, but you can use it to help identify your virtual tapes. The preﬁx must be uppercase letters (A–Z) and must be one to four characters long.
Page 91 AWS Storage Gateway User Guide Using Your Tape Gateway • Using Your Backup Software to Test Your Gateway Setup (p. 86) • Where Do I Go from Here? (p. 133) Connecting Your VTL Devices Following, you can ﬁnd instructions about how to connect your virtual tape library (VTL) devices to your Microsoft Windows or Red Hat Enterprise Linux (RHEL) client.
Page 92 AWS Storage Gateway User Guide Using Your Tape Gateway Connecting to a Linux Client The following procedure shows a summary of the steps that you follow to connect to an RHEL client. To connect a Linux client to VTL devices Install the iscsi-initiator-utils RPM package.
Page 93 AWS Storage Gateway User Guide Using Your Tape Gateway Using Your Backup Software to Test Your Gateway Setup (p. 86) Using Your Backup Software to Test Your Gateway Setup You test your tape gateway setup by performing the following tasks using your backup application: 1.
Page 94 AWS Storage Gateway User Guide Using Your Tape Gateway Topics • Conﬁguring Arcserve to Work with VTL Devices (p. 87) • Loading Tapes into a Media Pool (p. 87) • Backing Up Data to a Tape (p. 88) • Archiving a Tape (p. 88) •...
Page 95 Choose your gateway, open the context (right-click) menu for one tape, and then choose Import/ Export Slot. Assign a mail slot to load the tape. The status in the Storage Gateway console changes to Archive. The archive process might take some time.
Page 96 Conﬁgure the local Bacula Director, add storage targets, and deﬁne media pools for your tapes. Use the script provided in the Bacula whitepaper discussed preceding. Backing Up Data to Tape Create tapes in the Storage Gateway console. For information on how to create tapes, see Creating Tapes (p.
Page 97 AWS Storage Gateway User Guide Using Your Tape Gateway For example, the following command transfers tapes from I/E slot 1601 to storage slot 1. /opt/bacula/scripts/mtx-changer transfer 1601 1 Launch the Bacula console by using the following command. /opt/bacula/bin/bconsole Note When you create and transfer a tape to Bacula, use the Bacula console (bconsole) command update slots storage=VTL so that Bacula knows about the new tapes that you created.
Page 98 AWS Storage Gateway User Guide Using Your Tape Gateway /opt/bacula/scripts/mtx-changer transfer 1601 1 Use the Bacula console to update the slots, and then mount the tape. Run the restore command to restore your data. For instructions, see the Bacula documentation.
Page 99 AWS Storage Gateway User Guide Using Your Tape Gateway Leave the Device Type options selected, choose Exhaustive Detection, and then choose OK. In the Conﬁrm Exhaustive Detection conﬁrmation box, choose Yes. In the Device Selection dialog box, choose your library and all its drives, and then choose OK. Wait for your devices to be detected, and then choose Close to close the log report.
Page 100 AWS Storage Gateway User Guide Using Your Tape Gateway In the Do you want to Use Global Deduplication Policy? dialog box, choose your Deduplication preference, and then choose Next. From Library for Primary Copy, choose your VTL library, and then choose Next.
Page 101 AWS Storage Gateway User Guide Using Your Tape Gateway In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED. Restoring Data from a Tape You can restore data from a tape that has never been archived and retrieved, or from a tape that has been archived and retrieved.
Page 102 AWS Storage Gateway User Guide Using Your Tape Gateway 13. In the Job History dialog box, choose OK to open the history of jobs tab. 14. Find the job that you want to restore, open the context (right-click) menu for it, and then choose Browse and Restore.
Page 103 10. Choose your library to see your tapes in the left pane and the corresponding empty volume slots list in the right pane. In this screenshot, the AWS@3.0.0 library is selected. 11. In the volume list, select the volumes you want to enable (selected volumes are highlighted), open the context (right-click) menu for the selected volumes, and then choose Deposit.
Page 104 VTL. In the Dell EMC NetWorker software, verify that the tape is no longer in the storage slot. In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED.
Page 105 AWS Storage Gateway User Guide Using Your Tape Gateway ﬁnd basic documentation on how to conﬁgure the IBM Spectrum Protect Version 7.x backup software for a tape gateway and perform backup and restore operations. For detailed information about how to use...
Page 106 AWS Storage Gateway User Guide Using Your Tape Gateway Restore the data by using the IBM Spectrum Protect backup software. You do this by creating a recovery point, as you do when restoring data from physical tapes. For instructions, see the Spectrum Protect Administrator's Guide.
Page 107 AWS Storage Gateway User Guide Using Your Tape Gateway On the Add Device tab, type a value for Device Name. For Device Type, choose SCSI Library, and then choose Next. On the next screen, do the following: For SCSI address of the library robotic, select your speciﬁc address.
Page 108 AWS Storage Gateway User Guide Using Your Tape Gateway • Load the virtual tape into media pool In the following sections, you can ﬁnd steps to guide you through this process. Loading Virtual Tapes into a Tape Library Your tape library should now be listed under Devices. If you don't see it, press F5 to refresh the screen.
Page 109 AWS Storage Gateway User Guide Using Your Tape Gateway To create a media pool In the Devices & Media shelf, open the tree node for Media, open the context (right-click) menu for the Pools node, and then choose Add Media Pool.
Page 110 To eject and archive a tape Open the context (right-click) menu for that tape, and choose Eject. On the AWS Storage Gateway console, choose your gateway, and then choose VTL Tape Cartridges and verify the status of the virtual tape you are archiving.
Page 111 AWS Storage Gateway User Guide Using Your Tape Gateway Choose the ﬁle system or database system you want to restore. For the backup that you want to restore, make sure that the box is selected. Choose Restore. In the Start Restore Session window, choose Needed Media. Choose All media, and you should see the tape originally used for the backup.
Page 112 AWS Storage Gateway User Guide Using Your Tape Gateway To update the VTL device drivers • In Device Manager, update the driver for the medium changer. For instructions, see Updating the Device Driver for Your Medium Changer (p. 359). You use the DPMDriveMappingTool to map your tape drives to the DPM tape library.
Page 113 AWS Storage Gateway User Guide Using Your Tape Gateway Open the context (right-click) menu for the media changer in the Library section, and then choose Add tape (I/E port) to add a tape to the Slots list. Note The process of adding tapes can take several minutes to complete.
Page 114 I/E slots. When a tape is moved into the gateway's I/E slot, it is immediately sent for archiving. On the AWS Storage Gateway console, choose your gateway, and then choose VTL Tape Cartridges and verify the status of the virtual tape you are archiving.
Page 115 Choose the library server from the list. The library list is automatically populated. Name the library and choose OK. Choose the library to display all the properties of the Storage Gateway virtual tape library. In the Storage Targets menu, expand Backup Servers, open the context (right-click) menu for the server, and choose Attach Library.
Page 116 AWS Storage Gateway User Guide Using Your Tape Gateway Expand Backup Servers to see the Storage Gateway virtual tape library and the library partition that shows all the mounted tape drives. Creating a Tape Pool A tape pool is dynamically created in the NovaStor DataCenter/Network software and so doesn't contain a ﬁxed number of media.
Page 117 VTL. In NovaStor DataCenter/Network, verify that the tape is no longer in the storage slot. In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED.
Page 118 AWS Storage Gateway for storage drives and tape drives exceeds the number that NovaStor DataCenter/Network allows. Storage Gateway returns 3200 storage and import/export slots, which is more than the 2400 limit that NovaStor DataCenter/Network allows. To resolve this issue, you add a conﬁguration ﬁle that enables the NovaStor software to limit the number of storage and import/export slots and preconﬁgures the...
Page 119 For additional setup information, see Backing up to Amazon AWS with Quest NetVault Backup on the Quest (formerly Dell) website. For detailed information about how to use the Quest NetVault Backup application, see the Quest NetVault Backup 10.0.1 –...
Page 120 AWS Storage Gateway User Guide Using Your Tape Gateway Topics • Conﬁguring Quest NetVault Backup to Work with VTL Devices (p. 113) • Backing Up Data to a Tape in the Quest NetVault Backup (p. 114) • Archiving a Tape by Using the Quest NetVault Backup (p. 114) •...
Page 121 AWS Storage Gateway User Guide Using Your Tape Gateway Choose the drive you want to add to the bay that is displayed, and then choose Next. Important When you add a drive to a bay, the drive and bay numbers must match. For example, if bay 1 is displayed, you must add drive 1.
Page 122 VTL. In the Quest NetVault Backup software, verify that the tape is no longer in the storage slot. In the navigation pane of the Storage Gateway console, choose Tapes. Verify that your archived tape's status is ARCHIVED.
Page 123 AWS Storage Gateway User Guide Using Your Tape Gateway • Backing Up Data to a Tape in Veeam (p. 117) • Archiving a Tape by Using Veeam (p. 117) • Restoring Data from a Tape Archived in Veeam (p. 118) Conﬁguring Veeam to Work with VTL Devices...
Page 124 AWS Storage Gateway User Guide Using Your Tape Gateway Importing a Tape into Veeam You are now ready to import tapes from your tape gateway into the Veeam backup application library. To import a tape into the Veeam library Open the context (right–click) menu for the medium changer, and choose Import to import the tapes to the I/E slots.
Page 125 For Exporting tape, choose Close. The location of the tape changes from Slot to Oﬄine. On the AWS Storage Gateway console, choose your gateway, and then choose VTL Tape Cartridges and verify the status of the virtual tape you are archiving.
Page 126 AWS Storage Gateway User Guide Using Your Tape Gateway • Disabling a Tape Drive in Backup Exec (p. 122) Conﬁguring Storage in Backup Exec After you have connected the virtual tape library (VTL) devices to the Windows client, you conﬁgure Backup Exec storage to recognize your devices.
Page 127 AWS Storage Gateway User Guide Using Your Tape Gateway Choose the Slots icon to display all slots. Note When you import tapes into the robotic library, the tapes are stored in slots instead of tape drives. Therefore, the tape drives might have a message that indicates there is no media in the drives (No media).
Page 128 Alert: Media Intervention window. In the AWS Storage Gateway console, you can verify the status of the tape you are archiving. It might take some time to ﬁnish uploading data to AWS. During this time, the exported tape is listed in the tape gateway's VTL with the status IN TRANSIT TO VTS.
Page 129 AWS Storage Gateway User Guide Using Your Tape Gateway Disabling a Tape Drive in Backup Exec A tape gateway provides 10 tape drives, but you might decide to use fewer tape drives. In that case, you disable the tape drives you don't use.
Page 130 AWS Storage Gateway User Guide Using Your Tape Gateway Choose Conﬁgure Storage Devices to open the Device Conﬁguration wizard. Choose Next. The NetBackup application detects your computer as a device host. In the Device Hosts column, select your computer, and then choose Next. The NetBackup application scans your computer for devices and discovers all devices.
Page 131 AWS Storage Gateway User Guide Using Your Tape Gateway In the Devices node, choose Robots to display all your medium changers. In the NetBackup application, the medium changer is called a robot. In the All Robots pane, open the context (right-click) menu for TLD(0) (that is, your robot), and then choose Inventory Robot.
Page 132 For pricing information, see Pricing on the AWS Storage Gateway detail page. To create a volume pool A volume pool is a collection of virtual tapes to use for a backup.
Page 133 AWS Storage Gateway User Guide Using Your Tape Gateway Start the NetBackup Administration Console. Expand the Media node, open the context (right-click) menu for Volume Pool, and then choose New. The New Volume Pool dialog box appears. For Name, type a name for your volume pool.
Page 134 AWS Storage Gateway User Guide Using Your Tape Gateway For Volume Pool, choose New pool. For New pool, select the pool you just created, and then choose OK. You can verify that your volume pool contains the virtual tape that you just added by expanding the Media node and choosing your volume pool.
Page 135 AWS Storage Gateway User Guide Using Your Tape Gateway In the Client List window, choose Add, type the host name of your computer in the Name column, and then choose Next. This step applies the policy you are deﬁning to localhost (your client computer).
Page 136 AWS Storage Gateway User Guide Using Your Tape Gateway 11. In the Policy Conﬁguration wizard, choose Finish. The policy runs the backups according to the schedule. You can also perform a manual backup at any time, which we do in the next step.
Page 137 AWS Storage Gateway User Guide Using Your Tape Gateway In the Manual Backup Started dialog box that appears, choose OK. On the navigation pane, choose Activity Monitor to view the status of your backup in the Job ID column. To ﬁnd the barcode of the virtual tape where NetBackup wrote the ﬁle data during the backup, look in the Job Details window as described in the following procedure.
Page 138 AWS Storage Gateway User Guide Using Your Tape Gateway To archive a virtual tape In the NetBackup Administration console, expand the Media and Device Management node, and expand the Media node. Expand Robots and choose TLD(0). Open the context (right-click) menu for the virtual tape you want to archive, and choose Eject Volume From Robot.
Page 139 Choose Close to close the Eject Volumes window. In the AWS Storage Gateway console, verify the status of the tape you are archiving in the gateway's VTL. It can take some time to ﬁnish uploading data to AWS. During this time, the ejected tape is listed in the gateway's VTL with the status IN TRANSIT TO VTS.
Page 140: Activating A Gateway In A Virtual Private Cloud
Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 281). Delete the AWS Storage Gateway VM from your on-premises host. If you created your gateway on an Amazon EC2 instance, terminate the instance. Activating a Gateway in a Virtual Private Cloud You can create a private connection between your on-premises software appliance and cloud-based storage infrastructure.
Page 141: Creating A Gateway Using A Vpc Endpoint
To use a gateway with Storage Gateway VPC endpoint in your VPC, you do the following: • Use the VPC console to create a VPC endpoint for Storage Gateway and get the VPC endpoint ID. • If you are activating ﬁle gateway, you need to create a VPC endpoint for Amazon S3.
Page 142 If you are creating ﬁle gateway, you need to create an endpoint for Amazon S3 also. Follow the same steps as shown in To create a VPC endpoint for AWS Storage Gateway section above but you choose com.amazonaws.us-east-2.s3 under Service Name instead. Then you select the route table that you want the S3 endpoint associated with instead of subnet/security group.
Page 143 In contrast, thin provisioning allocates storage on demand. On-demand allocation can aﬀect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick- provisioned format.
Page 144 AWS Storage Gateway User Guide Creating a Gateway Using a VPC Endpoint Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in ﬁxed- size provisioned format. • When allocating disks, choose virtual hard disk (.vhd) ﬁle. Storage Gateway supports the .vhdx ﬁle type.
Page 145 IP address from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address from the Amazon EC2 console. The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.
Page 146 AWS Storage Gateway User Guide Creating a Gateway Using a VPC Endpoint • TCP 1031 • TCP 2222 If you don't have an Amazon EC2 proxy, follow these steps to setup and conﬁgure a http proxy. To setup a proxy server Launch an Amazon EC2 Linux AMI.
Page 147 You now conﬁgure the http proxy for Storage Gateway to use it. When conﬁguring the gateway to use a proxy, use the default squid port 3128. The squid conf that is generated covers the following required TCP ports by default: •...
Page 148 Activating a ﬁle gateway requires additional setup. To activate your gateway The gateway type, endpoint type, and AWS Region you selected are shown on the activation page. To complete the activation process, provide information on the activation page to conﬁgure your gateway setting: •...
Page 149 Choose Save and continue to save your conﬁguration settings. Allow Traﬃc to Required Ports in Your HTTP Proxy If you are using a HTTP Proxy, you need to allow traﬃc from Storage Gateway to the destinations and ports listed below.
Page 150 (Required only for File Gateway) When Storage Gateway is communicating through the VPC endpoint, it communicates with the AWS services through multiple ports on the Storage Gateway VPC endpoint and port 443 on the S3 private endpoint. • TCP ports on Storage Gateway VPC endpoint.
Page 151: Managing Your Gateway
After your ﬁle gateway is activated and running, you can add additional ﬁle shares and grant access to Amazon S3 buckets. Buckets that you can grant access to include buckets in a diﬀerent AWS account than your ﬁle share. For information about how to add a ﬁle share, see Creating a File Share (p.
Page 152 You can create the role and access policy yourself, or your ﬁle gateway can create them for you. If your ﬁle gateway creates the policy for you, the policy contains a list of S3 actions. For information about roles and permissions, see Creating a Role to Delegate Permissions to an AWS Service in the IAM User Guide.
Page 153: Deleting A File Share
Cross-account access is when an AWS account and users for that account are granted access to resources that belong to another AWS account. With ﬁle gateways, you can use a ﬁle share in one AWS account to access objects in an Amazon S3 bucket that belongs to a diﬀerent AWS account.
Page 154 ﬁle share might have already been deleted, meaning that uploading the speciﬁed data is no longer possible. In these cases, you can forcibly delete the ﬁle share by using the AWS Management Console or the DeleteFileShare API operation. This operation aborts the data upload process. When it does, the ﬁle share enters the FORCE_DELETING status.
Page 155: Editing Storage Settings For Your File Share
Export as option for your ﬁle share. Possible Export as options include, for example, Read-write. To edit the ﬁle share settings Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose File shares, and then choose the ﬁle share that you want to update.
Page 156: Editing Metadata Defaults For Your Nfs File Share
These values include Unix permissions for ﬁles and folders. You can edit the metadata defaults on the AWS Storage Gateway Management Console. When your ﬁle gateway stores ﬁles and folders in Amazon S3, the Unix ﬁle permissions are stored in object metadata.
Page 157: Editing Access Settings For Your Nfs File Share
ﬁle share. To edit NFS access settings Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose File shares, and then choose the NFS ﬁle share that you want to edit. For Actions, choose Edit share access settings.
Page 158 Active Directory domain and allows members of the domain to access the SMB ﬁle share. Note Using AWS Directory Service, you can create a hosted Active Directory domain service in the AWS Cloud. Anyone who can provide the correct password gets guest access to the SMB ﬁle share.
Page 159 Editing Access Settings for Your SMB File Share To enable Active Directory authentication Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. Choose Gateways, and on the Gateway page, choose the box next to the ﬁle gateway that you want to enable Active Directory authentication for.
Page 160: Refreshing Objects In Your Amazon S3 Bucket
Amazon S3 bucket associated with your ﬁle share. Your gateway uses this cached inventory to reduce the latency and frequency of S3 requests. To refresh the S3 bucket for your ﬁle share, you can use the AWS Storage Gateway console or the RefreshCache operation in the AWS Storage Gateway API.
Page 161: Using S3 Object Lock With File Gateway
You can see ﬁle share status on the AWS Storage Gateway console. File share status appears in the Status column for each ﬁle share in your gateway. A ﬁle share that is functioning normally has the status of AVAILABLE.
Page 162: File Share Best Practices
The following example policy denies all roles except the role that created the bucket to write to the S3 bucket. The s3:DeleteObject and s3:PutObject actions are denied for all roles except "TestUser". The policy applies to all objects in the "arn:aws:s3:::TestBucket/*" bucket. "Version":"2012-10-17", "Statement":[...
Page 163: Managing Your Volume Gateway
Determining the Size of Upload Buﬀer to Allocate (p. 221). You can add volumes using the AWS Storage Gateway console or AWS Storage Gateway API. For information on using the AWS Storage Gateway API to add volumes, see CreateCachediSCSIVolume. For instructions on how to add a volume using the AWS Storage Gateway console, see Creating a Volume (p.
Page 164: Expanding The Size Of A Volume
Cloning a Volume You can create a new volume from any existing cached volume in the same AWS Region. The new volume is created from the most recent recovery point of the selected volume. A volume recovery point is a point in time at which all data of the volume is consistent.
Page 165 Choose Clone from last recovery point and select a volume ID for Source volume. The source volume can be any cached volume in the selected AWS Region. Type a name for iSCSI target name. The target name can contain lowercase letters, numbers, periods (.), and hyphens (-). This target name appears as the iSCSI target node name in the Targets tab of the iSCSI Microsoft initiator UI after discovery.
Page 166: Viewing Volume Usage
Find and restore the snapshot. Viewing Volume Usage When you write data to a volume, you can view the amount of data stored on the volume in the AWS Storage Gateway Management Console. The Details tab for each volume shows the volume usage information.
Page 167: Deleting A Volume
As your data and performance needs grow, you might want to move your volumes to a diﬀerent volume gateway. To do so, you can detach and attach a volume by using the Storage Gateway console or API. By detaching and attaching a volume, you can do the following: •...
Page 168 Moving Your Volumes to a Diﬀerent Gateway When you detach a volume, your gateway uploads and stores the volume data and metadata to the AWS Storage Gateway service in AWS. You can easily attach a detached volume to a gateway on any supported host platform later.
Page 169: Reducing The Amount Of Billed Storage On A Volume
Your snapshot is listed in the Snapshots in the same row as the volume. Editing a Snapshot Schedule For stored volumes, AWS Storage Gateway creates a default snapshot schedule of once a day. Note You can't remove the default snapshot schedule. Stored volumes require at least one snapshot schedule.
Page 170: Deleting Snapshots
The following Java code example lists the snapshots for each volume of a gateway and whether the snapshot start time is before or after a speciﬁed date. It uses the AWS SDK for Java API for AWS Storage Gateway and Amazon EC2. The Amazon EC2 API includes operations for working with snapshots.
Page 171 AWS Storage Gateway User Guide Deleting Snapshots the view option (that is, with viewOnly set to true) to see what the code deletes. For a list of AWS service endpoints you can use with AWS Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Page 172 AWS Storage Gateway User Guide Deleting Snapshots String marker = null; do { ListVolumesRequest request = new ListVolumesRequest().withGatewayARN(gatewayARN); ListVolumesResult result = sgClient.listVolumes(request); marker = result.getMarker(); for (VolumeInfo vi : result.getVolumeInfos()) volumes.add(vi); System.out.println(OutputVolumeInfo(vi)); } while (marker != null); return volumes; private static void DeleteSnapshotsForVolumes(List<VolumeInfo> volumes,...
Page 173 Run the code ﬁrst with just the view option (that is, with viewOnly set to true) to see what the code deletes. For a list of AWS service endpoints you can use with AWS Storage Gateway, see...
Page 174 String AwsSecretKey = "***********************"; /* AWS Account number, 12 digits, no hyphen */ static String OwnerID = "123456789012"; /* Your Gateway ARN. Use a Storage Gateway ID, sgw-XXXXXXXX* */ static String GatewayARN = "arn:aws:storagegateway:ap- southeast-2:123456789012:gateway/sgw-XXXXXXXX"; /* Snapshot status: "completed", "pending", "error" */ static String SnapshotStatus = "completed";...
Page 175 // Create an EC2 client. ec2Config = new AmazonEC2Config(); ec2Config.ServiceURL = "https://ec2." + AwsRegion + ".amazonaws.com"; ec2Client = new AmazonEC2Client(AwsAccessKey, AwsSecretKey, ec2Config); // Create a Storage Gateway client. sgConfig = new AmazonStorageGatewayConfig(); sgConfig.ServiceURL = "https://storagegateway." + AwsRegion + ".amazonaws.com"; sgClient = new AmazonStorageGatewayClient(AwsAccessKey, AwsSecretKey, sgConfig);...
Page 176 AWS Storage Gateway User Guide Deleting Snapshots Filter ownerFilter = new Filter(); List<String> ownerValues = new List<String>(); ownerValues.Add(OwnerID); ownerFilter.Name = "owner-id"; ownerFilter.Values = ownerValues; describeSnapshotsRequest.Filters.Add(ownerFilter); Filter statusFilter = new Filter(); List<String> statusValues = new List<String>(); statusValues.Add(SnapshotStatus); statusFilter.Name = "status"; statusFilter.Values = statusValues;...
Page 177 The following PowerShell script example lists the snapshots for each volume of a gateway and whether the snapshot start time is before or after a speciﬁed date. It uses the AWS Tools for Windows PowerShell cmdlets for AWS Storage Gateway and Amazon EC2. The Amazon EC2 API includes operations for working with snapshots.
Page 178: Understanding Volume Status And Transitions
AWS Storage Gateway User Guide Understanding Volume Status and Transitions 2) Credentials and AWS Region stored in session using Initialize-AWSDefault. For more info see, https://docs.amazonaws.cn/powershell/latest/userguide//specifying- your-aws-credentials.html .EXAMPLE powershell.exe .\SG_DeleteSnapshots.ps1 #> # Criteria to use to filter the results returned. $daysBack = 18 $gatewayARN = "*** provide gateway ARN ***"...
Page 179 You can ﬁnd information following to help you decide when you need to act. You can see volume status on the AWS Storage Gateway console or by using one of the Storage Gateway API operations, for example DescribeCachediSCSIVolumes or DescribeStorediSCSIVolumes.
Page 180 331). Pass Through Data maintained locally is out of sync with data stored in AWS. Data written to a volume while the volume is in Pass Through status remains in the cache until the volume status is Bootstrapping. This data starts to upload to AWS when Bootstrapping status begins.
Page 181 221). Understanding Attachment Status You can detach a volume from a gateway or attach it to a gateway by using the Storage Gateway console or API. The following table shows volume attachment status on the Storage Gateway console. Volume attachment status appears in the Attachment status column for each storage volume on your gateway.
Page 182 AWS Storage Gateway User Guide Understanding Volume Status and Transitions Understanding Cached Volume Status Transitions Use the following state diagram to understand the most common transitions between statuses for volumes in cached gateways. You don't need to understand the diagram in detail to use your gateway eﬀectively.
Page 183 Note The volume status of Pass Through appears as yellow in this diagram. However, this doesn't match the color of this status icon in the Status box of the Storage Gateway console. Understanding Stored Volume Status Transitions Use the following state diagram to understand the most common transitions between statuses for volumes in stored gateways.
Page 184 AWS Storage Gateway User Guide Understanding Volume Status and Transitions Color Volume Status bootstrapping. Other than the speciﬁc scenario mentioned, yellow (Pass Through status) indicates that there is a potential issue with the storage volume, the most common one being an upload buﬀer issue.
Page 185: Managing Your Tape Gateway
Note The volume status of Pass Through appears as yellow in this diagram. However, this doesn't match the color of this status icon in the Status box of the Storage Gateway console. Managing Your Tape Gateway Following, you can ﬁnd information about how to manage your tape gateway resources.
Page 186 AWS Storage Gateway User Guide Adding Tapes the columns and in the Details tab of your tape library. For information about tape gateway tape limits, AWS Storage Gateway Limits (p. 395). You can create additional tapes directly in a preselected pool that represents the storage you want the tapes to be archived in.
Page 187: Archiving Tapes
AWS Storage Gateway User Guide Archiving Tapes Note Tapes created before March 27, 2019, are archived directly in Amazon S3 Glacier when your backup software ejects it. Archiving Virtual Tapes You can archive your tapes to Amazon S3 Glacier or DEEP_ARCHIVE. When you create a tape, you choose the archive pool that you want to use to archive your tape.
Page 188: Retrieving Archived Tapes
Retrieved virtual tapes are read-only. Viewing Tape Usage When you write data to a tape, you can view the amount of data stored on the tape in the AWS Storage Gateway Management Console. The Details tab for each tape shows the tape usage information.
Page 189: Deleting Tapes
This value is not available for tapes created before May 13, 2015. Deleting Tapes You can delete virtual tapes from your tape gateway by using the AWS Storage Gateway console. Note If the tape you want to delete from your tape gateway has a status of RETRIEVED, you must ﬁrst eject the tape using your backup application before deleting the tape.
Page 190: Understanding Tape Status
Understanding Tape Status the gateway isn't sent to AWS. You can only disable a gateway on the Storage Gateway console if the gateway is no longer connected to AWS. If the gateway is connected to AWS, you can't disable the tape gateway.
Page 191 You can use the following procedure to determine the status of a virtual tape in an archive. To determine the status of a virtual tape Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Tapes. In the Status column of the tape library grid, check the status of the tape.
Page 192: Monitoring Your Gateway And Resources
AWS cloud. With metrics, you can track the health of your gateway and set up alarms to notify you when one or more metrics fall outside a deﬁned threshold.
Page 193 AWS Storage Gateway User Guide AWS Storage Gateway Metrics The following table describes the AWS Storage Gateway metrics that you can use to get information about your gateways. Specify the GatewayId or GatewayName dimension for each metric to view the data for a gateway.
Page 194 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored Gateway-VTL Units: Bytes The total number of CloudDownloadLatency milliseconds spent reading data from AWS during the reporting period. Use this metric with the Average statistic to measure latency.
Page 195 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored Gateway-VTL The total number of UploadBufferUsed bytes being used in the gateway's upload buﬀer. The sample is taken at the end of the reporting period. Units: Bytes...
Page 196 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored Gateway-VTL ReadTime The total number of milliseconds spent to do read operations from your on-premises applications in the reporting period for all volumes in the gateway. Use this metric with the Average statistic to measure latency.
Page 197 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored Gateway-VTL The total number WriteTime of milliseconds spent to do write operations from your on-premises applications in the reporting period for all volumes in the gateway. Use this metric with the Average statistic to measure latency.
Page 198 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored Gateway-VTL The total amount of WorkingStorageFree unused space in the gateway's working storage. The sample is taken at the end of the reporting period. Note Working storage...
Page 199 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored Gateway-VTL Percent use of the WorkingStoragePercentUsed gateway's upload buﬀer. The sample is taken at the end of the reporting period. Note Working storage applies only to the...
Page 200 UploadBufferUsed. Units: Bytes The following table describes the AWS Storage Gateway metrics that you can use to get information about your storage volumes. Specify the VolumeId dimension for each metric to view the data for a storage volume. Metric...
Page 201 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored This metric applies only to cached volumes. The sample is taken at the end of the reporting period. When there are no application read operations from the volume, this metric reports 100 percent.
Page 202 AWS Storage Gateway User Guide AWS Storage Gateway Metrics Metric Description Gateway-Cached Gateway-Stored The total number of bytes ReadBytes read from your on-premises applications in the reporting period. Use this metric with the Sum statistic to measure throughput and with the Samples statistic to measure IOPS.
Page 203: Dimensions For Aws Storage Gateway Metrics
The WorkingStoragePercentUsed, WorkingStorageUsed, and WorkingStorageFree metrics represent the upload buﬀer for the stored volumes setup only before the release of the cached-volume feature in Storage Gateway. Now you should use the equivalent upload buﬀer metrics UploadBufferPercentUsed, UploadBufferUsed, and UploadBufferFree. These metrics apply to both gateway architectures.
Page 204 Choose Create Alarm to start the Create Alarm Wizard. Specify a metric for your alarm. On the Select Metric page of the Create Alarm Wizard, choose the AWS/ StorageGateway:GatewayId,GatewayName dimension, and then ﬁnd the gateway that you want to work with.
Page 205: Monitoring Cache Storage
AWS Storage Gateway User Guide Monitoring Cache Storage Conﬁrm your subscription by clicking the link in the email. A subscription conﬁrmation appears. Monitoring Cache Storage You can ﬁnd information following about how to monitor a gateway's cache storage and how to create an alarm so that you get a notiﬁcation when parameters of the cache pass speciﬁed thresholds.
Page 206: Monitoring Your File Share
Create a target such as an Amazon SNS topic or Lambda function to invoke when the event you requested in AWS Storage Gateway is triggered. Create a rule in the Amazon CloudWatch Events Console to invoke targets based on an event in AWS Storage Gateway.
Page 207 Getting Notiﬁed About File Operations The following example shows a rule that triggers the speciﬁed event type in the speciﬁed gateway and in the speciﬁed AWS Region. For example, you could specify the Storage Gateway File Upload Event as the event type.
Page 208 A description of the of the event that triggered the notiﬁcation that was sent. source The AWS service that is the source of the request and notiﬁcation. account The id of the AWS account where the request and notiﬁcation were generated from.
Page 209 A description of the type of the event that triggered notiﬁcation that was sent. source The AWS service that is the source of the request and notiﬁcation. account The id of the AWS account where the request and notiﬁcation were generated from.
Page 210: Understanding File Share Metrics
["/"]. Understanding File Share Metrics You can ﬁnd information following about the Storage Gateway metrics that cover ﬁle shares. Each ﬁle share has a set of metrics associated with it. Some ﬁle share-speciﬁc metrics have the same name as certain gateway-speciﬁc metrics. These metrics represent the same kinds of measurements but are scoped to the ﬁle share instead.
Page 211: Monitoring Your Volume Gateway
AWS cloud. With metrics, you can track the health of your gateway and set up alarms to notify you when one or more metrics fall outside a deﬁned threshold.
Page 212: Using Amazon Cloudwatch Metrics
Guide. Using Amazon CloudWatch Metrics You can get monitoring data for your gateway using either the AWS Management Console or the CloudWatch API. The console displays a series of graphs based on the raw data from the CloudWatch API. You can also use the CloudWatch API through one of the...
Page 213: Measuring Performance Between Your Application And Gateway
When you use the correct aggregation statistic, you can use Storage Gateway metrics to measure these values. A statistic is an aggregation of a metric over a speciﬁed period of time. When you view the values of a...
Page 214: Measuring Performance Between Your Gateway And Aws
Storage Gateway is performing. These three values can be measured using the Storage Gateway metrics provided for you when you use the correct aggregation statistic. The following table summarizes the metrics and corresponding statistic to use to measure the throughput, latency, and input/output operations per second (IOPS) between your gateway and AWS.
Page 215 Divide this value by the Period value (5 minutes) to get the throughput at that sample point. For the point highlighted, the throughput from the gateway to AWS is 555,544,576 bytes divided by 300 seconds, which is 1.7 megabytes per second.
Page 216 Choose Alarms. Choose Create Alarm to start the Create Alarm Wizard. Choose the Storage Gateway dimension, and ﬁnd the gateway that you want to work with. Choose the CloudBytesUploaded metric. To deﬁne the alarm, deﬁne the alarm state when the CloudBytesUploaded metric is greater than or equal to a speciﬁed value for a speciﬁed time.
Page 217: Understanding Volume Metrics
Choose Create Alarm. Understanding Volume Metrics You can ﬁnd information following about the Storage Gateway metrics that cover a volume of a gateway. Each volume of a gateway has a set of metrics associated with it. Note that some volume-speciﬁc metrics have the same name as certain gateway-speciﬁc metrics.
Page 218 AWS Storage Gateway User Guide Understanding Volume Metrics Metric Description Cached volumes Stored volumes Understanding Gateway Metrics (p. 185). Units: Percent The volume's CachePercentUsed contribution to the overall percent use of the gateway's cache storage. The sample is taken at the end of the reporting period.
Page 219: Monitoring Your Tape Gateway
In this section, you can ﬁnd information about how to monitor your tape gateway, virtual tapes associated with your tape gateway, cache storage, and the upload buﬀer. You use the AWS Management Console to view metrics for your tape gateway. With metrics, you can track the health of your tape gateway and set up alarms to notify you when one or more metrics are outside a deﬁned threshold.
Page 220: Using Amazon Cloudwatch Metrics
Using Amazon CloudWatch Metrics Using Amazon CloudWatch Metrics You can get monitoring data for your tape gateway by using either the AWS Management Console or the CloudWatch API. The console displays a series of graphs based on the raw data from the CloudWatch API.
Page 221 Sum CloudWatch statistic. For example, the Sum value of the CloudBytesDownloaded metric over a sample period of 5 minutes divided by 300 seconds gives you the throughput from AWS to the tape gateway as a rate in bytes per second.
Page 222: Logging Storage Gateway Api Calls With Aws Cloudtrail
Logging Storage Gateway API Calls with AWS CloudTrail AWS Storage Gateway is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Storage Gateway. CloudTrail captures all API calls for Storage API Version 2013-06-30...
Page 223: Storage Gateway Information In Cloudtrail
A trail enables CloudTrail to deliver log ﬁles to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log ﬁles to the Amazon S3 bucket that you specify.
Page 224 " eventSource ":" storagegateway.amazonaws.com ", " eventName ":" ListGateways ", " awsRegion ":" us-east-2 ", " sourceIPAddress ":" 192.0.2.0 ", " userAgent ":" aws - cli / 1.6.2 Python / 2.7.6 Linux / 2.6.18 - 164.el5 ", " requestParameters ":null, " responseElements ":null, "requestID ":"...
Page 225 AWS Storage Gateway User Guide Understanding Storage Gateway Log File Entries " eventID ":" f76e5919 - 9362 - 48ff - a7c4 - d203a189ec8d ", " eventType ":" AwsApiCall ", " apiVersion ":" 20130630 ", " recipientAccountId ":" 444455556666" API Version 2013-06-30...
Page 226: Maintaining Your Gateway
VM. Although this section focuses on starting and stopping your gateway using the AWS Storage Gateway Management Console, you can also and stop your gateway by using your VM local console or AWS Storage Gateway API. When you power on your VM, remember to restart your gateway.
Page 227: Managing Local Disks
If the gateway was uploading data when it was stopped, the upload will resume when you start the gateway. To start a volume or tape gateway Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Gateways and then choose the gateway to start. The status of the gateway is Shutdown.
Page 228: Sizing The Upload Buﬀer
BOOTSTRAPPING status. In this status, any new data that was persisted locally is uploaded to AWS. Finally, the volume returns to ACTIVE status. Storage Gateway then resumes normal synchronization of the data stored locally with the copy stored in AWS, and you can start taking new snapshots.
Page 229: Sizing Cache Storage
AWS Storage Gateway User Guide Sizing Cache Storage any of your volume data to its upload buﬀer and does not upload any of this data to AWS until Storage Gateway synchronizes the data stored locally with the copy of the data stored in AWS.
Page 230: Conﬁguring An Upload Buﬀer And Cache Storage
Volumes for Your Gateway Hosted on Amazon EC2 (p. 356). You conﬁgure this disk as an upload buﬀer or cache storage. Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Gateways. In the Actions menu, choose Edit local disks.
Page 231: Managing Bandwidth
You can now restart or stop the ﬁle gateway without risk of losing any data. Managing Bandwidth for Your Gateway You can limit (or throttle) the upload throughput from the gateway to AWS or the download throughput from your AWS to your gateway. Using bandwidth throttling helps you to control the amount of network bandwidth used by your gateway.
Page 232: Using The Aws Sdk For Java
The following example demonstrates how to update a gateway's bandwidth rate limits using the AWS SDK for Java. To use the example code, you should be familiar with running a Java console application. For more information, see...
Page 233: Using The Aws Sdk For .Net
The following C# code example updates a gateway's bandwidth rate limits. You need to update the code and provide the service endpoint, your gateway Amazon Resource Name (ARN), and the upload and download limits. For a list of AWS service endpoints you can use with AWS Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Page 234: Using The Aws Tools For Windows Powershell
The following example demonstrates how to update a gateway's bandwidth rate limits using the AWS Tools for Windows PowerShell. To use the example code, you should be familiar with running a PowerShell script. For more information, see...
Page 235: Managing Gateway Updates
Before any update is applied to your gateway, AWS notiﬁes you with a message on the Storage Gateway console and your AWS Personal Health Dashboard. For more information, see AWS Personal Health Dashboard.
Page 236: Performing Maintenance Tasks On The Local Console
These default login credentials give you access to menus where you can conﬁgure gateway network settings and change the password from the local console. AWS Storage Gateway enables you to set your own password from the Storage API Version 2013-06-30...
Page 237 We recommend that you always set a new password immediately after you create your new gateway. You can set this password from the AWS Storage Gateway console rather than the local console if you want. You don't need to know the default password to set a new password.
Page 238 HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway routes all HTTP traﬃc through your proxy server. For information about network requirements for your gateway, see Network and Firewall Requirements (p.
Page 239 • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Appliance Activation - Conﬁguration main menu, enter 2 to begin conﬁguring your network. API Version 2013-06-30...
Page 240 AWS Storage Gateway User Guide Performing Tasks on the VM Local Console (File Gateway) On the Network Conﬁguration menu, choose one of the following options. Do This Get information about your network adapter Enter 1. A list of adapter names appears, and you are prompted to enter an adapter name—for...
Page 241 • Secondary DNS address Important If your gateway has already been activated, you must shut it down and restart it from the Storage Gateway console for the settings to take eﬀect. For more information, see Shutting Down Your Gateway VM (p.
Page 242 • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Appliance Activation - Conﬁguration main menu, enter 3 to begin testing network connectivity. API Version 2013-06-30...
Page 243 Each endpoint in the selected AWS Region displays either a PASSED or FAILED message, as shown following. • If you selected VPC (PrivateLink), each VPC endpoint (DNS/IP) in the AWS Region displays either a PASSED or FAILED message, as shown following.
Page 244 Gateway Local Console with Microsoft Hyper-V (p. 274). In the AWS Appliance Activation - Conﬁguration main menu, enter 4 to view the results of a system resource check. The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.
Page 245 Access the Gateway Local Console with Microsoft Hyper-V (p. 274). In the AWS Appliance Activation - Conﬁguration main menu, enter 5 to manage your system's time. In the System Time Management menu, choose one of the following options. Do This View and synchronize your VM time with NTP Enter 1.
Page 246 Your NTP server conﬁguration is displayed. Running Storage Gateway Commands on the Local Console The VM local console in Storage Gateway helps provide a secure environment for conﬁguring and diagnosing issues with your gateway. Using the local console commands, you can perform maintenance tasks such as saving routing tables, connecting to AWS Support, and so on.
Page 247 To learn about a command, enter the command name at the command prompt. Conﬁguring Network Adapters for Your Gateway By default, AWS Storage Gateway is conﬁgured to use the E1000 network adapter type, but you can reconﬁgure your gateway to use the VMXNET3 (10 GbE) network adapter. You can also conﬁgure Storage Gateway so it can be accessed by more than one IP address.
Page 248 Performing Tasks on the VM Local Console (File Gateway) Conﬁguring Your Gateway to Use the VMXNET3 Network Adapter AWS Storage Gateway supports the E1000 network adapter type in both VMware ESXi and Microsoft Hyper-V Hypervisor hosts. However, the VMXNET3 (10 GbE) network adapter type is supported in VMware ESXi hypervisor only.
Page 249 AWS Storage Gateway User Guide Performing Tasks on the VM Local Console (File Gateway) After your gateway restarts, reconﬁgure the adapter you just added to make sure that network connectivity to the internet is established. To conﬁgure the adapter for the network In the VSphere client, choose the Console tab to start the local console.
Page 250 Performing Tasks on the VM Local Console (File Gateway) If your gateway is already activated, you must shut it down and restart it from the AWS Storage Gateway Management Console. After the gateway restarts, you must test network connectivity to the internet.
Page 251: Performing Tasks On The Ec2 Local Console (File Gateway)
Log in to your local console. If you are connecting to your EC2 instance from a Windows computer, log in as admin. After you log in, you see the AWS Appliance Activation - Conﬁguration main menu, as shown in the following screenshot.
Page 252 If your gateway must use a proxy server to communicate to the internet, then you need to conﬁgure the HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway routes all HTTPS traﬃc through your proxy server.
Page 253 AWS Storage Gateway User Guide Performing Tasks on the EC2 Local Console (File Gateway) Choose one of the following options in the AWS Appliance Activation - Conﬁguration HTTP Proxy Conﬁguration menu. Do This Conﬁgure an HTTP proxy Enter 1. You need to supply a host name and port to complete conﬁguration.
Page 254 Logging In to Your Amazon EC2 Gateway Local Console (p. 244). On the AWS Appliance Activation - Conﬁguration main menu, enter 2 to begin conﬁguring your DNS server. On the Network Conﬁguration menu, choose one of the following options. API Version 2013-06-30...
Page 255 Log in to your gateway's local console. For instructions, see Logging In to Your Amazon EC2 Gateway Local Console (p. 244). In the AWS Storage Gateway Conﬁguration main menu, enter 3 to begin testing network connectivity. The console displays the available AWS Regions. Choose option 1 for Storage Gateway.
Page 256 Log in to your gateway's local console. For instructions, see Logging In to Your Amazon EC2 Gateway Local Console (p. 244). In the AWS Storage Gateway Conﬁguration main menu, enter 4 to view the results of a system resource check. API Version 2013-06-30...
Page 257 Running Storage Gateway Commands on the Local Console The AWS Storage Gateway console helps provide a secure environment for conﬁguring and diagnosing issues with your gateway. Using the console commands, you can perform maintenance tasks such as saving routing tables or connecting to AWS Support.
Page 258 Local Console (p. 244). In the AWS Appliance Activation Conﬁguration main menu, enter 5 for Gateway Console. In the command prompt, enter h, and then press the Return key. The console displays the AVAILABLE COMMANDS menu with the available commands. After the menu, a gateway console prompt appears, as shown in the following screenshot.
Page 259: Performing Tasks On The Vm Local Console (Volume And Tape Gateways)
Storage Gateway enables you to set your own password from the AWS Storage Gateway console instead of changing the password from the local console. You don't need to know the default password to set a new password.
Page 260 We recommend that you always set a new password immediately after you create your new gateway. You can set this password from the AWS Storage Gateway console rather than the local console if you want. You don't need to know the default password to set a new password.
Page 261 SOCKS or HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway routes all HTTP traﬃc through your proxy server. For information about network requirements for your gateway, see Network and Firewall Requirements (p.
Page 262 Accessing the Gateway Local Console with VMware ESXi (p. 273). • Microsoft Hyper-V—for more information, see Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Storage Gateway Conﬁguration main menu, type 1 to begin conﬁguring the HTTP proxy. API Version 2013-06-30...
Page 263 AWS Storage Gateway User Guide Performing Tasks on the VM Local Console (Volume and Tape Gateways) Choose one of the following options on the AWS Storage Gateway HTTP Proxy Conﬁguration menu: Do This Conﬁgure a HTTP proxy Type option 1.
Page 264 Access the Gateway Local Console with Microsoft Hyper-V (p. 274). On the AWS Storage Gateway Conﬁguration main menu, type option 2 to begin conﬁguring a static IP address. Choose one of the following options on the AWS Storage Gateway Network Conﬁguration menu:...
Page 265 AWS Storage Gateway User Guide Performing Tasks on the VM Local Console (Volume and Tape Gateways) Do This • Gateway IP address • DHCP enabled status You use the same adapter name when you conﬁgure a static IP address (option 3) as when you set your gateway's default route adapter (option 5).
Page 266 • Secondary DNS address Important If your gateway has already been activated, you must shut it down and restart it from the AWS Storage Gateway console for the settings to take eﬀect. For more information, see Shutting Down Your Gateway VM (p.
Page 267 All network interfaces are set to use DHCP. Important If your gateway has already been activated, you must shut down and restart your gateway from the AWS Storage Gateway console for the settings to take eﬀect. For more information, Shutting Down Your Gateway VM (p. 219).
Page 268 On the AWS Storage Gateway Conﬁguration main menu, type option 3 to begin testing network connectivity. The console displays the available regions. Select the region you want to test. For example, us-east-2. For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Page 269 Hyper-V (p. 274). On the AWS Storage Gateway Conﬁguration main menu, type option 5 for Gateway Console. On the AWS Storage Gateway console, type h, and then press the Return key. The console displays the Available Commands menu with the available commands and after the menu a Gateway Console prompt, as shown in the following screenshot.
Page 270 Access the Gateway Local Console with Microsoft Hyper-V (p. 274). In the AWS Storage Gateway Conﬁguration main menu, type 6 to view the results of a system resource check. The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.
Page 271 Console (Volume and Tape Gateways) Conﬁguring Network Adapters for Your Gateway By default, AWS Storage Gateway is conﬁgured to use the E1000 network adapter type, but you can reconﬁgure your gateway to use the VMXNET3 (10 GbE) network adapter. You can also conﬁgure Storage Gateway so it can be accessed by more than one IP address.
Page 272 AWS Storage Gateway User Guide Performing Tasks on the VM Local Console (Volume and Tape Gateways) To remove the default E1000 adapter and conﬁgure your gateway to use the VMXNET3 adapter In VMware, open the context (right-click) menu for your gateway and choose Edit Settings.
Page 273 At the Enter the adapter prompt, type eth0, and then press Enter to continue. The only adapter available is eth0. If your gateway is already activated, you must shut it down and restart it from the AWS Storage Gateway Management Console. After the gateway restarts, you must test network connectivity to the Internet.
Page 274: Performing Tasks On The Ec2 Local Console (Volume And Tape Gateways)
AWS, then iSCSI traﬃc for that target and AWS traﬃc will ﬂow through the same adapter. When you conﬁgure one adapter to connect to the AWS Storage gateway console and then add a second adapter, storage gateway automatically conﬁgures the route table to use the second adapter as the preferred route.
Page 275 SOCKS proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway will route all HyperText Transfer Protocol Secure (HTTPS) traﬃc through your proxy server.
Page 276 AWS Storage Gateway User Guide Performing Tasks on the EC2 Local Console (Volume and Tape Gateways) Choose one of the following options in the AWS Storage Gateway SOCKS Proxy Conﬁguration menu: Do This Conﬁgure a SOCKS proxy Type 1. You need to supply a host name and port to complete conﬁguration.
Page 277 Console (Volume and Tape Gateways) The console displays the available regions. Select the region you want to test. For example, us-east-2. For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see Regions and Endpoints in the AWS General Reference.
Page 278 Log in to your gateway's local console. For instructions, see Logging In to Your Amazon EC2 Gateway Local Console (p. 267). In the AWS Storage Gateway Conﬁguration main menu, type 4 to view the results of a system resource check. API Version 2013-06-30...
Page 279 The resource has passed the system resource check. [WARNING] The resource does not meet the recommended requirements, but your gateway will continue to function. AWS Storage Gateway displays a message that describes the results of the resource check. [FAIL] The resource does not meet the minimum requirements.
Page 280: Accessing The Gateway Local Console
AWS Storage Gateway User Guide Accessing the Gateway Local Console Accessing the Gateway Local Console How you access your VM's local console depends on the type of the Hypervisor you deployed your gateway VM on. In this section, you can ﬁnd information on how to access the VM local console using VMware ESXi and Microsoft Hyper-V Manager.
Page 281 AWS Storage Gateway User Guide Accessing the Gateway Local Console To log in using the default credentials, continue to the procedure Logging in to the Local Console Using Default Credentials (p. 252). Access the Gateway Local Console with Microsoft Hyper-V To access your gateway's local console (Microsoft Hyper-V) In the Virtual Machines list of the Microsoft Hyper-V Manager, select your gateway VM.
Page 282: Conﬁguring Network Adapters For Your Gateway
AWS Storage Gateway User Guide Conﬁguring Network Adapters for Your Gateway After a few moments, the VM is ready for you to log in. To log in default credentials, continue to the procedure Logging in to the Local Console Using Default Credentials (p.
Page 283 AWS Storage Gateway User Guide Conﬁguring Network Adapters for Your Gateway The VM can remain turned on for this procedure. In the client, open the context (right-click) menu for your gateway VM, and choose Edit Settings. On the Hardware tab of the Virtual Machine Properties dialog box, choose Add to add a device.
Page 284 In the Network Type pane, ensure that Connect at power on is selected for Type, and then choose Next. We recommend that you use the E1000 network adapter with Storage Gateway. For more information on the adapter types that might appear in the adapter list, see Network Adapter...
Page 285 The following image is for illustration only. In practice, one of the IP addresses will be the address by which the gateway communicates to AWS and the other will be an address in a diﬀerent subnet. API Version 2013-06-30...
Page 286 (p. 220). In the Navigation pane of the Storage Gateway console, choose Gateways and choose the gateway to which you added the adapter. Conﬁrm that the second IP address is listed in the Details tab. For information about local console tasks common to VMware and Hyper-V host, see Performing Tasks on the VM Local Console (Volume and Tape Gateways) (p.
Page 287 AWS Storage Gateway User Guide Conﬁguring Network Adapters for Your Gateway In the Settings dialog box for the VM, for Hardware, choose Add Hardware. In the Add Hardware pane, choose Network Adapter, and then choose Add to add a device.
Page 288: Deleting Your Gateway And Removing Resources
You can delete a gateway using the Storage Gateway console or programmatically. You can ﬁnd information following about how to delete a gateway using the Storage Gateway console. If you want to programmatically delete your gateway, see AWS Storage Gateway API Reference.
Page 289: Deleting Your Gateway By Using The Aws Storage Gateway Console
VM to activate a new gateway. To delete a gateway Open the AWS Storage Gateway console at https://console.amazonaws.cn/storagegateway/home. In the navigation pane, choose Gateways, and then choose the gateway you want to delete. On the Actions menu, choose Delete gateway.
Page 290 When you delete a tape gateway, you can encounter one of two scenarios. • The tape gateway is connected to AWS – If the tape gateway is connected to AWS and you delete the gateway, the iSCSI targets associated with the gateway (that is, the virtual tape drives and media changer) will no longer be available.
Page 291: Removing Resources From A Gateway Deployed On An Amazon Ec2 Instance
If you want to delete a gateway that you deployed on an Amazon EC2 instance, we recommend that you clean up the AWS resources that were used with the gateway, speciﬁcally the Amazon EC2 instance, any Amazon EBS volumes, and also tapes if you deployed a tape gateway. Doing so helps avoid unintended usage charges.
Page 292: Performance
AWS Storage Gateway User Guide Performance Guidance for File Gateways Performance In this section, you can ﬁnd information about AWS Storage Gateway performance. Topics • Performance Guidance for File Gateways (p. 285) • Performance Guidance for Tape Gateways (p. 286) •...
Page 293: Performance Guidance For Tape Gateways
AWS Storage Gateway User Guide Performance Guidance for Tape Gateways Performance Guidance for Tape Gateways In this section, you can ﬁnd conﬁguration guidance for provisioning hardware for your tape gateway VM. The Amazon EC2 instance sizes and types that are listed in the table are examples, and are provided for reference.
Page 294: Optimizing Gateway Performance
VMs. Providing enough CPU resources has the general eﬀect of improving throughput. AWS Storage Gateway supports using 24 CPUs in your gateway host server. You can use 24 CPUs to signiﬁcantly improve the performance of your gateway. We recommend the following gateway conﬁguration for your gateway host server:...
Page 295: Use A Larger Block Size For Tape Drives
AWS Storage Gateway User Guide Use a Larger Block Size for Tape Drives Back gateway virtual disks with separate physical disks When you provision gateway disks, we strongly recommend that you don't provision local disks for the upload buﬀer and cache storage that use the same underlying physical storage disk. For example, for VMware ESXi, the underlying physical storage resources are represented as a data store.
Page 296 (for more information on these metrics, see Measuring Performance Between Your Tape Gateway and AWS (p. 213)). For your application, compare the measured throughput with the desired throughput. If the measured throughput is less than the desired throughput, then increasing the bandwidth between your application and gateway can improve performance if the network is the bottleneck.
Page 297: Security
Creating Gateway in a Virtual Private Cloud If you use Amazon Virtual Private Cloud (Amazon VPC) to host your AWS resources, you can establish a connection between your virtual private cloud (VPC) and ﬁle gateway. You can then use this gateway to establish a connection between your IT environment and the AWS storage infrastructure without going over the public internet.
Page 298: Conﬁguring Chap Authentication
Conﬁgure CHAP credentials dialog box. To conﬁgure CHAP credentials In the AWS Storage Gateway Console, choose Volumes and select the volume for which you want to conﬁgure CHAP credentials.
Page 299: Viewing And Editing Chap Credentials
To add CHAP credentials In the AWS Storage Gateway Console, choose Volumes and select the volume for which you want to add CHAP credentials. On the Actions menu, choose Conﬁgure CHAP authentication.
Page 300: Encrypting Your Data Using Aws Kms
(CMKs) as the KMS key. The CMK that you use to encrypt your tape data can't be changed after the tape is created. For information on using the Storage Gateway API to encrypt data written to a virtual tape, see CreateTapes in the AWS Storage Gateway API Reference.
Page 301: Authentication And Access Control
IAM identity that you can create in your account that has speciﬁc permissions. An IAM role is similar to an IAM user in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.
Page 302: Access Control
Access Control • AWS service access – A service role is an IAM role that a service assumes to perform actions in your account on your behalf. When you set up some AWS service environments, you must deﬁne a role for the service to assume.
Page 303: Overview Of Managing Access
Overview of Managing Access Permissions to Your AWS Storage Gateway Every AWS resource is owned by an AWS account, and permissions to create or access a resource are governed by permissions policies. An account administrator can attach permissions policies to IAM identities (that is, users, groups, and roles), and some services (such as AWS Lambda) also support attaching permissions policies to resources.
Page 304 Overview of Managing Access ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-1122AABB. When you use this ID with the EC2 API, you must change it to vol-1122aabb.
Page 305 B. Doing this allows users in Account B to create or access resources in Account A. The principal in the trust policy can also be an AWS service principal if you want to grant an AWS service permissions to assume the role.
Page 306: Using Identity-Based Policies (Iam Policies)
• Resource – In a policy, you use an Amazon Resource Name (ARN) to identify the resource to which the policy applies. For Storage Gateway resources, you always use the wildcard character (*) in IAM policies. For more information, see AWS Storage Gateway Resources and Operations (p.
Page 307 EC2 actions don't support resource-level permissions, the policy speciﬁes the wildcard character (*) as the Resource value instead of specifying a gateway ARN. For a table showing all of the Storage Gateway API actions and the resources that they apply to, see Storage Gateway API Permissions: Actions, Resources, and Conditions Reference (p.
Page 308 You can review these permissions policies by signing in to the IAM console and searching for speciﬁc policies there. You can also create your own custom IAM policies to allow permissions for AWS Storage Gateway API actions. You can attach these custom policies to the IAM users or groups that require those permissions.
Page 309 Using Identity-Based Policies (IAM Policies) Example 1: Allow Any Storage Gateway Actions on All Gateways The following policy allows a user to perform all the Storage Gateway actions. The policy also allows the user to perform Amazon EC2 actions (DescribeSnapshots and DeleteSnapshot) on the Amazon EBS snapshots generated from Storage Gateway.
Page 310 "arn:aws:storagegateway:us-west-2:123456789012:gateway/gateway-id/*" The preceding policy works if the user to which the policy is attached uses either the API or an AWS SDK to access the gateway. However, if the user is going to use the Storage Gateway console, you must also grant permissions to allow the ListGateways action, as shown in the following example: "Version": "2012-10-17",...
Page 311 "Resource": "*" The preceding policy works if the user to whom the policy is attached uses either the API or an AWS SDK to access the volume. However, if this user is going to use the AWS Storage Gateway console, you must also grant permissions to allow the ListGateways action, as shown in the following example: "Version": "2012-10-17",...
Page 312: Using Tags To Control Access To File Gateway Resources
"Resource": "*" The preceding policy works if the user to whom the policy is attached uses either the API or an AWS SDK to access the gateway. However, if this user plans to use the AWS Storage Gateway console, you must grant additional permissions as described in Example 3: Allow Access to a Speciﬁc Gateway (p.
Page 313 AWS Storage Gateway User Guide Using Tags to Control Access to File Gateway Resources Controlling Access Based on Tags on a Resource You can use the tags on a ﬁle gateway resource to control what actions a user or role can perform on the resource.
Page 314: Using Acls For Smb File Share Access
ﬁle share by using the UpdateSMBFileShare operation with the Storage Gateway SDK or the AWS CLI. • When ACLs are enabled, the ACL information is persisted in Amazon S3 object metadata. • The gateway preserves up to 10 ACLs per ﬁle or folder.
Page 315 You can enable inheritance for ﬁle shares created after May 8, 2019. If you enable inheritance and update the permissions recursively, Storage Gateway updates all the objects in the S3 bucket. Depending on the number of objects in the bucket, the update can take a while to complete.
Page 316: Storage Gateway Api Permissions Reference
Storage Gateway API operation, the corresponding actions for which you can grant permissions to perform the action, and the AWS resource for which you can grant the permissions. You specify the actions in the policy's Action ﬁeld, and you specify the resource value in the policy's Resource ﬁeld.
Page 317 AWS Storage Gateway User Guide Storage Gateway API Permissions Reference AddTagsToResource Action(s): storagegateway:AddTagsToResource Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id arn:aws:storagegateway:region:account-id:tape/tapebarcode AddUploadBuﬀer Action(s): storagegateway:AddUploadBuffer Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id AddWorkingStorage Action(s): storagegateway:AddWorkingStorage Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id CancelArchival Action(s): storagegateway:CancelArchival Resource: arn:aws:storagegateway:region:account-id:tape/tapebarcode CancelRetrieval Action(s): storagegateway:CancelRetrieval Resource: arn:aws:storagegateway:region:account-id:tape/tapebarcode CreateCachediSCSIVolume Action(s): storagegateway:CreateCachediSCSIVolume...
Page 318 AWS Storage Gateway User Guide Storage Gateway API Permissions Reference Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id DeleteBandwidthRateLimit Action(s): storagegateway:DeleteBandwidthRateLimit Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id DeleteChapCredentials Action(s): storagegateway:DeleteChapCredentials Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id/ target/iSCSItarget DeleteGateway Action(s): storagegateway:DeleteGateway Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id DeleteSnapshotSchedule Action(s): storagegateway:DeleteSnapshotSchedule Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id/ volume/volume-id DeleteTape Action(s): storagegateway:DeleteTape Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id DeleteTapeArchive...
Page 319 AWS Storage Gateway User Guide Storage Gateway API Permissions Reference Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id/ target/iSCSItarget DescribeGatewayInformation Action(s): storagegateway:DescribeGatewayInformation Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id DescribeMaintenanceStartTime Action(s): storagegateway:DescribeMaintenanceStartTime Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id DescribeSnapshotSchedule Action(s): storagegateway:DescribeSnapshotSchedule Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id/ volume/volume-id DescribeStorediSCSIVolumes Action(s): storagegateway:DescribeStorediSCSIVolumes Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id/ volume/volume-id DescribeTapeArchives Action(s): storagegateway:DescribeTapeArchives Resource: *...
Page 320 AWS Storage Gateway User Guide Storage Gateway API Permissions Reference ListGateways Action(s): storagegateway:ListGateways Resource: * ListLocalDisks Action(s): storagegateway:ListLocalDisks Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id ListTagsForResource Action(s): storagegateway:ListTagsForResource Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id arn:aws:storagegateway:region:account-id:gateway/gateway-id/volume/volume-id arn:aws:storagegateway:region:account-id:tape/tapebarcode ListTapes Action(s): storagegateway:ListTapes Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id ListVolumeInitiators Action(s): storagegateway:ListVolumeInitiators Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id/ volume/volume-id ListVolumeRecoveryPoints Action(s): storagegateway:ListVolumeRecoveryPoints...
Page 321 AWS Storage Gateway User Guide Storage Gateway API Permissions Reference Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id RetrieveTapeArchive Action(s): storagegateway:RetrieveTapeArchive Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id RetrieveTapeRecoveryPoint Action(s): storagegateway:RetrieveTapeRecoveryPoint Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id ShutdownGateway Action(s): storagegateway:ShutdownGateway Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id StartGateway Action(s): storagegateway:StartGateway Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id UpdateBandwidthRateLimit Action(s): storagegateway:UpdateBandwidthRateLimit Resource: arn:aws:storagegateway:region:account-id:gateway/gateway-id UpdateChapCredentials Action(s): storagegateway:UpdateChapCredentials...
Page 322 AWS Storage Gateway User Guide Storage Gateway API Permissions Reference Related Topics • Access Control (p. 295) • Customer Managed Policy Examples (p. 301) API Version 2013-06-30...
Page 323: Troubleshooting Your Gateway
The following table lists typical issues that you might encounter working with your on-premises gateways. Topics • Enabling AWS Support To Help Troubleshoot Your Gateway Hosted On-Premises (p. 318) Issue Action to Take You cannot ﬁnd the IP Use the hypervisor client to connect to your host to ﬁnd the gateway IP address of your gateway.
Page 324 Synchronizing Your Gateway VM Time (p. 261). • After performing these steps, you can retry the gateway deployment using the AWS Storage Gateway console and the Setup and Activate Gateway wizard. • Check that your VM has at least 7.5 GB of RAM. Gateway allocation fails if there is less than 7.5 GB of RAM.
Page 325: Enabling Aws Support To Help Troubleshoot Your Gateway
By default, AWS Support access to your gateway is disabled. You enable this access through the host's local console. To give AWS Support access to your gateway, you ﬁrst log in to the local console for the host, navigate to the storage gateway's console, and then connect to the support server.
Page 326 AWS Storage Gateway. You must allow TCP port 22 to initiate a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.
Page 327: Troubleshooting Your Microsoft Hyper-V Setup
Type exit to log out of the AWS Storage Gateway console. Follow the prompts to exit the local console. Troubleshooting Your Microsoft Hyper-V Setup The following table lists typical issues that you might encounter when deploying AWS Storage Gateway on the Microsoft Hyper-V platform. Issue...
Page 328 AWS Storage Gateway User Guide Troubleshooting Your Microsoft Hyper-V Setup Issue Action to Take You try to import a gateway If you have already deployed a gateway and you try to reuse the and receive the error default folders that store the virtual hard disk ﬁles and virtual machine message: "Import failed.
Page 329 CPUs for the gateway and the available CPUs on the host. Ensure that message "The child the VM CPU count is supported by the underlying hypervisor. partition processor setting For more information about the requirements for AWS Storage is incompatible with parent Gateway, see Requirements (p.
Page 330: Troubleshooting Amazon Ec2 Gateway Issues
AWS Storage Gateway AMI should start with the text aws-storage-gateway- ami. • If you have several instances based on the AWS Storage Gateway AMI, check the instance launch time to ﬁnd the correct instance. API Version 2013-06-30...
Page 331: You Created An Amazon Ebs Volume But Can't Attach It To Your Ec2 Gateway Instance
In this case, you need to activate a new gateway. You can view the throughput to and from your gateway from the Amazon CloudWatch console. For more information about measuring throughput to and from your gateway to AWS, see Measuring Performance Between Your Gateway and AWS (p.
Page 332: Get Aws Support To Help Troubleshoot Your Gateway
Amazon EC2 Security Groups in the Amazon EC2 User Guide. To let AWS Support connect to your gateway, you ﬁrst log in to the local console for the Amazon EC2 instance, navigate to the storage gateway's console, and then provide the access.
Page 333: Troubleshooting Hardware Appliance Issues
AWS Storage Gateway. You must allow TCP port 22 to initiate a support channel to AWS. When you connect to customer support, Storage Gateway assigns you a support number. Make a note of your support number.
Page 334: How Do You Perform A Factory Reset
How Do You Perform a Factory Reset? How Do You Perform a Factory Reset? If you need to perform a factory reset on your appliance, contact the AWS Storage Gateway Hardware Appliance team for support, as described in the Support section following.
Page 335: Troubleshooting File Share Issues
The assigned port number should appear within 30 seconds, if there are no network connectivity or ﬁrewall issues. Note the port number and provide it to AWS Support. Troubleshooting File Share Issues You can ﬁnd information following about actions to take if you experience unexpected issues with your ﬁle share.
Page 336: Smb File Shares Do Not Allow Multiple Diﬀerent Access Methods
Multiple Diﬀerent Access Methods 2. If the Amazon S3 bucket exists, then verify that AWS Security Token Service is enabled in the region where you are creating the ﬁle share. If a security token is not enabled, you should enable it. For...
Page 337: Object Versioning Might Aﬀect What You See In Your File System
ﬁle share. You can also update KMS settings for your ﬁle share by using the UpdateNFSFileShare or UpdateSMBFileShare API operation. This update applies to objects stored in the Amazon S3 buckets after the update. For more information, see Encrypting Your Data Using AWS Key Management Service (p. 293).
Page 338: Your Gateway Performance Declined After You Performed A Recursive Operation
IRRECOVERABLE, you can no longer use this volume. You can try to delete the volume in the AWS Storage Gateway console. If there is data on the volume, then you can recover the data when you create a new volume based on the local disk of the VM that was initially used to create the volume. When you create the new volume, select Preserve existing data.
Page 339: Your Cached Gateway Is Unreachable And You Want To Recover Your Data
And You Want to Recover Your Data For cached volumes, if the AWS Storage Gateway console indicates that your volume has a status of IRRECOVERABLE, you can no longer use this volume. If there is data on the volume, you can create a snapshot of the volume and then recover your data from the snapshot or you can clone the volume from the last recovery point.
Page 340: You Want To Verify Volume Integrity And Fix Possible Errors
Summary tab. You can ﬁnd the Host IP address for a storage volume in the AWS Storage Gateway console in the Details tab for the volume. A discrepancy in the IP address can occur, for example, when you assign a new static IP address to your gateway.
Page 341: A Cache Disk In Your Gateway Encounters A Failure
AWS Storage Gateway User Guide A Cache Disk in Your Gateway Encounters a Failure shown in Shutting Down Your Gateway VM (p. 219). After the restart, the Host IP address in the ISCSI Target Info tab for a storage volume should match an IP address shown in the vSphere client on the Summary tab for the gateway.
Page 342: Recovering A Virtual Tape From An Unrecoverable Gateway
10. For Gateway, choose the tape gateway you want to recover the virtual tape to. 11. Choose Create recovery tape. 12. Delete the failed tape gateway so you don't get charged. For instructions, see Deleting Your Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 281). API Version 2013-06-30...
Page 343 For example, an error can occur when a disk is corrupted or removed from the gateway. The AWS Storage Gateway console displays a message about the error. In the error message, Storage Gateway prompts you to take one of two actions that can recover your tapes: •...
Page 344: Troubleshooting Irrecoverable Tapes
Troubleshooting Irrecoverable Tapes If your virtual tape fails unexpectedly, AWS Storage Gateway sets the status of the failed virtual tape to IRRECOVERABLE. The action you take depends on the circumstances. You can ﬁnd information following on some issues you might ﬁnd, and how to troubleshoot them.
Page 345: Recovering Your Data: Best Practices
Important AWS Storage Gateway doesn’t support recovering a gateway VM from a snapshot that is created by your hypervisor or from your Amazon EC2 ami. If your gateway VM malfunctions, activate a new gateway and recover your data to that gateway using the instructions following.
Page 346: Recovering Your Data From A Malfunctioning Gateway Or Vm
Recovering Your Data from a Malfunctioning Gateway or VM If your gateway or virtual machine malfunctions, you can recover data that has been uploaded to AWS and stored on a volume in Amazon S3. For cached volumes gateways, you recover data from a recovery snapshot.
Page 347: Recovering Your Data From An Irrecoverable Tape
If you can repair the ﬁle system, you can then recover your data from the volumes on the ﬁle system, as described following: 1. Shut down your virtual machine and use the AWS Storage Gateway Management Console to create a recovery snapshot. This snapshot represents the most current data stored in AWS.
Page 348: Recovering Your Data From An Inaccessible Data Center
AWS Storage Gateway User Guide Recovering Your Data From An Inaccessible Data Center 10. T ype /sbin/fsck to run this command manually from the prompt, to check and repair your ﬁle system. 11. W hen the ﬁle system check and repair is complete, reboot the instance. The grub settings will revert to the original values, and the gateway will boot up normally.
Page 349 AWS Storage Gateway User Guide Recovering Your Data From An Inaccessible Data Center Mount your ﬁle share on your client and map it to the Amazon S3 bucket that contains the data that you want to recover. For more information, see Using Your File Share (p.
Page 350: Additional Resources
Additional AWS Storage Gateway Resources In this section, you can ﬁnd information about AWS and third-party software, tools, and resources that can help you set up or manage your gateway, and also about AWS Storage Gateway limits. Topics • Host Setup (p. 343) •...
Page 351 AWS Storage Gateway User Guide Conﬁguring VMware for Storage Gateway Synchronizing VM Time with Host Time To successfully activate your gateway, you must ensure that your VM time is synchronized to the host time, and that the host time is correctly set. In this section, you ﬁrst synchronize the time on the VM to the host time.
Page 352 AWS Storage Gateway User Guide Conﬁguring VMware for Storage Gateway It is important to make sure that your host clock is set to the correct time. If you have not conﬁgured your host clock, perform the following steps to set and synchronize it with an NTP server.
Page 353 Choose OK to close the NTP Daemon (ntpd) Options dialog box. Choose OK to close the Time Conﬁguration dialog box. Conﬁguring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers In this task, you set the iSCSI controller so that the VM uses paravirtualization. Paravirtualization is a mode where the gateway VM works with the host operating system so the console can identify the virtual disks that you add to your VM.
Page 354 For more information about VMware HA, see VMware HA: Concepts and Best Practices on the VMware website. To use AWS Storage Gateway with VMware HA, we recommend doing the following things: API Version 2013-06-30...
Page 355: Synchronizing Your Gateway Vm Time
AWS Storage Gateway User Guide Synchronizing Your Gateway VM Time • Deploy the VMware ESX .ova downloadable package that contains the AWS Storage Gateway VM on only one host in a cluster. • When deploying the .ova package, select a data store that is not local to one host. Instead, use a data store that is accessible to all hosts in the cluster.
Page 356: Volume Or Tape Gateway On Amazon Ec2 Host
AWS Storage Gateway User Guide Volume or Tape Gateway on Amazon EC2 Host If the result indicates that you should synchronize your VM's time to the NTP time, enter y. Otherwise, enter n. If you enter y to synchronize, the synchronization might take a few moments.
Page 357 On AWS Marketplace, choose Continue to Subscribe and choose Continue to Conﬁguration on the next page. If this is your ﬁrst time using a Storage Gateway AMI, accept the terms of service. On the Conﬁgure this Software page, choose a value for Fulﬁlment Option, Software Version, and Region, and then choose Continue to Launch.
Page 358: File Gateway On Ec2 Host
To deploy a gateway on an Amazon EC2 instance On the Choose host platform page, choose Amazon EC2. Choose Launch instance to launch a storage gateway EC2 AMI. You are redirected to the EC2 community AMI page where you can choose an instance type.
Page 359 AWS Storage Gateway User Guide File Gateway on EC2 Host On the Conﬁgure Instance Details page, choose the AWS Identity and Access Management (IAM) role that you want to use for your gateway. Choose Next: Add Storage. On the Add Storage page, choose Add New Volume to add storage to your ﬁle gateway instance.
Page 360 15. Select your instance, take note of the public IP address in the Description tag and return to the Connect to gateway (p. 39) page on the Storage Gateway console to continue your gateway setup. The following shows the ﬁle gateway Amazon EC2 AMI names and AMI IDs.
Page 361: Volume Gateway
AWS Storage Gateway User Guide Volume Gateway Region AMI Name AMI ID us-west-1 aws- ami-0831b9be25c2be35d thinstaller-1560967323 us-west-2 aws- ami-0e5a18885401d9460 thinstaller-1560967323 us-gov-west-1 aws- ami-6d6c160c thinstaller-1560967323 Volume Gateway Topics • Removing Disks from Your Gateway (p. 354) • Adding and Removing Amazon EBS Volumes for Your Gateway Hosted on Amazon EC2 (p. 356) Removing Disks from Your Gateway Although we don’t recommend removing the underlying disks from your gateway, you might want to...
Page 362 AWS Storage Gateway User Guide Removing Disks from Your Gateway Choose an option in the Removal Options panel, and then choose OK to complete the process of removing the disk. Removing a Disk from a Gateway Hosted on Microsoft Hyper-V Using the following procedure, you can remove a disk from your gateway hosted on a Microsoft Hyper-V hypervisor.
Page 363: Ebs Volumes For Ec2 Gateways
AWS Storage Gateway User Guide EBS Volumes for EC2 Gateways In the Hardware list of the Settings dialog box, select the disk to remove, and then choose Remove. The disks you add to a gateway appear under the SCSI Controller entry in the Hardware list. Verify that the Controller and Location value are the same value that you noted previously.
Page 364: Tape Gateway
• Displaying Barcodes for Tapes in Microsoft System Center DPM (p. 360) For medium changers, AWS Storage Gateway works with the following: • AWS-Gateway-VTL – This device is provided with the gateway. • STK-L700 – This device emulation is provided with the gateway.
Page 365 After your gateway is activated, you can choose to select a diﬀerent medium changer type. Important If your tape gateway uses the Symantec Backup Exec 2014 or NetBackup 7.x backup software, you must select the AWS-Gateway-VTL device type. For more information on how to change the API Version 2013-06-30...
Page 366 On the Discovered targets pane, choose the medium changer you want to change, choose Disconnect, and then choose OK. On the Storage Gateway console, choose Gateways from the navigation pane, and then choose the gateway whose medium changer you want to change.
Page 367 If you use the media changer driver for Sony TSL-A500C Autoloader, Microsoft System Center Data Protection Manager doesn't automatically display barcodes for virtual tapes created in Storage Gateway. To display barcodes correctly for your tapes, change the media changer driver to Sun/StorageTek Library.
Page 368: Working With Tapes
By default, AWS Storage Gateway searches for all virtual tapes. However, you can also ﬁlter your search by status. If you ﬁlter for status, tapes that match your criteria appear in the library in the AWS Storage Gateway console.
Page 369: Getting Activation Key
AWS Storage Gateway User Guide Getting Activation Key If you ﬁlter for gateway, tapes that are associated with that gateway appear in the library in the AWS Storage Gateway console. Note By default, AWS Storage Gateway displays all tapes regardless of status.
Page 370: Aws Cli
• Microsoft Windows PowerShell (p. 363) AWS CLI If you haven't already done so, you must install and conﬁgure the AWS CLI. To do this, follow these instructions in the AWS Command Line Interface User Guide: • Installing the AWS Command Line Interface •...
Page 371: Connecting Iscsi Initiators
The client component of an iSCSI network. The initiator sends requests to the iSCSI target. Initiators can be implemented in software or hardware. AWS Storage Gateway only supports software initiators. iSCSI target The server component of the iSCSI network that receives and responds to requests from initiators.
Page 372: Connecting To Your Volumes To A Windows Client
To add and conﬁgure upload buﬀer or cache storage (p. 223). The following diagram highlights the iSCSI target in the larger picture of the AWS Storage Gateway architecture. For more information, see How AWS Storage Gateway Works (Architecture) (p. You can connect to your volume from either a Windows or Red Hat Linux client. You can optionally conﬁgure CHAP for either client type.
Page 373 DNS name, and then choose OK. To get the IP address of your gateway, check the Gateway tab on the AWS Storage Gateway console. If you deployed your gateway on an Amazon EC2 instance, you can ﬁnd the public IP or DNS address in the Description tab on the Amazon EC2 console.
Page 374 AWS Storage Gateway User Guide Connecting to Your Volumes to a Windows Client The IP address now appears in the Target portals list on the Discovery tab. Connect the new target portal to the storage volume target on the gateway: Choose the Targets tab.
Page 375: Connecting To Vtl Devices
10). Note You connect only one application to each iSCSI target. The following diagram highlights the iSCSI target in the larger picture of the AWS Storage Gateway architecture. For more information on AWS Storage Gateway architecture, see Tape Gateways (p.
Page 376 DNS name, and then choose OK. To get the IP address of your gateway, check the Gateway tab on the AWS Storage Gateway console. If you deployed your gateway on an Amazon EC2 instance, you can ﬁnd the public IP or DNS address in the Description tab on the Amazon EC2 console.
Page 377 AWS Storage Gateway User Guide Connecting to VTL Devices Select the ﬁrst device and choose Connect. You connect the devices one at a time. In the Connect to Target dialog box, choose OK. Repeat steps 6 and 7 for each of the devices to connect all of them, and then choose OK in the iSCSI Initiator Properties dialog box.
Page 378 AWS Storage Gateway User Guide Connecting to VTL Devices If Driver Provider is not Microsoft, set the value as follows: Choose Update Driver. In the Update Driver Software dialog box, choose Browse my computer for driver software. In the Update Driver Software dialog box, choose Let me pick from a list of device drivers on my computer.
Page 379: Connecting Your Volumes Or Vtl Devices To A Linux Client
AWS Storage Gateway User Guide Connecting Your Volumes or VTL Devices to a Linux Client Select LTO Tape drive and choose Next. Choose Close to close the Update Driver Software window, and verify that the Driver Provider value is now set to Microsoft.
Page 380 [GATEWAY_IP] You can ﬁnd the gateway IP in the iSCSI Target Info properties of a volume on the AWS Storage Gateway console. The output of the discovery command will look like the following example output.
Page 381: Customizing Iscsi Settings
AWS Storage Gateway User Guide Customizing iSCSI Settings ls -l /dev/disk/by-path The output of the command will look like the following example output. lrwxrwxrwx. 1 root root 9 Apr 16 19:31 ip-[GATEWAY_IP]:3260-iscsi- iqn.1997-05.com.amazon:myvolume-lun-0 -> ../../sda We highly recommend that after you set up your initiator you customize your iSCSI settings as discussed in Customizing Your Linux iSCSI Settings (p.
Page 382 AWS Storage Gateway User Guide Customizing iSCSI Settings HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE- BFC1-08002BE10318} Find the subkey for the Microsoft iSCSI initiator, shown following as [<Instance Number]. The key is represented by a four-digit number, such as 0000. HKEY_Local_Machine\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE- BFC1-08002BE10318}\[<Instance Number] Depending on what is installed on your computer, the Microsoft iSCSI initiator might not be the subkey 0000.
Page 383 AWS Storage Gateway User Guide Customizing iSCSI Settings Navigate to the Disk subkey in the Services subkey of the CurrentControlSet, shown following. HKEY_Local_Machine\SYSTEM\CurrentControlSet\Services\Disk Open the context (right-click) menu for the TimeOutValue DWORD (32-bit) value, choose Modify, and then change the value to 600.
Page 384: Conﬁguring Chap Authentication
VTL device target. To set up CHAP, you must conﬁgure it both on the AWS Storage Gateway console and in the iSCSI initiator software that you use to connect to the target. Storage Gateway uses mutual CHAP, which is when the initiator authenticates the target and the target authenticates the initiator.
Page 385 Linux client (p. 384). To conﬁgure CHAP for a volume target on the AWS Storage Gateway console In this procedure, you specify two secret keys that are used to read and write to a volume. These same keys are used in the procedure to conﬁgure the client initiator.
Page 386 Choose the Details tab and conﬁrm that iSCSI CHAP authentication is set to true. To conﬁgure CHAP for a VTL device target on the AWS Storage Gateway console In this procedure, you specify two secret keys that are used to read and write to a virtual tape. These same keys are used in the procedure to conﬁgure the client initiator.
Page 387 The Initiator Name value is unique to your initiator and company. The name shown preceding is the value that you used in the Conﬁgure CHAP Authentication dialog box of the AWS Storage Gateway console. The name shown in the example image is for demonstration purposes only.
Page 388 AWS Storage Gateway User Guide Conﬁguring CHAP Authentication In this dialog box, you enter the secret that the initiator (the Windows client) uses to authenticate the target (the storage volume). This secret allows the target to read and write to the initiator.
Page 389 AWS Storage Gateway User Guide Conﬁguring CHAP Authentication If the target that you want to conﬁgure for CHAP is currently connected, disconnect the target by selecting it and choosing Disconnect. Select the target that you want to conﬁgure for CHAP, and then choose Connect.
Page 390 AWS Storage Gateway User Guide Conﬁguring CHAP Authentication In the Advanced Settings dialog box, conﬁgure CHAP. Select Enable CHAP log on. Type the secret that is required to authenticate the initiator. This secret is the same as the secret typed into the Secret used to Authenticate Initiator box in the Conﬁgure CHAP Authentication dialog box.
Page 391 In this procedure, you conﬁgure CHAP in the Linux iSCSI initiator using the same keys that you used to conﬁgure CHAP for the volume on the AWS Storage Gateway console. Ensure that the iSCSI daemon is running and that you have already connected to a target. If you have not completed these two tasks, see Connecting to a Microsoft Windows Client (p.
Page 392 AWS Storage Gateway User Guide Conﬁguring CHAP Authentication The following command removes the conﬁguration for the myvolume target. sudo /sbin/iscsiadm --mode node --op delete --targetname iqn.1997-05.com.amazon:myvolume Edit the iSCSI conﬁguration ﬁle to enable CHAP. Get the name of the initiator (that is, the client you are using).
Page 393: Using Aws Direct Connect With Storage Gateway
Storage Gateway endpoints. The public virtual interface bypasses internet service providers in your network path. The Storage Gateway service public endpoint can be in the same AWS Region as the AWS Direct Connect location, or it can be in a diﬀerent AWS Region.
Page 394 AWS Storage Gateway User Guide Port Requirements Volume Gateways and Tape Gateways The following illustration shows the ports to open for volume gateways' and tape gateways' operation. The following ports are common to all gateway types and are required by all gateway types.
Page 395 AWS Storage Gateway User Guide Port Requirements From Protocol Port How Used Storage Transmission 443 (HTTPS) Gateway VM Control communication Protocol (TCP) from an AWS Storage Gateway VM to an AWS service endpoint. For information about service endpoints, Allowing AWS Storage...
Page 396 AWS Storage Gateway User Guide Port Requirements From Protocol Port How Used your gateway’s port 80. Storage Domain Name User Datagram 53 (DNS) Gateway VM Service (DNS) Protocol communication server (UDP)/UDP between a Storage Gateway VM and the DNS server.
Page 397 AWS Storage Gateway User Guide Port Requirements RuleNetwork File Share Protocol Port Inbound Outbound Required? Notes Element Type ✓ ✓ ✓ File share client TCP/UDP File sharing data Data transfer (for NFS only) 2049 ✓ ✓ ✓ ...
Page 398: Connecting To Your Gateway
• EC2 host: Getting an IP Address from an Amazon EC2 Host (p. 391) When you locate the IP address, take note of it. Then return to the AWS Storage Gateway console and type the IP address into the console.
Page 399: Understanding Resources And Resource Ids
Choose the Description tab at the bottom, and then note the Elastic IP value. You use this elastic IP address to connect to the gateway. Return to the AWS Storage Gateway console and type in the elastic IP address.
Page 400: Working With Resource Ids
Amazon EC2 API, Amazon EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-1122AABB. When you use this ID with the EC2 API, you must change it to vol-1122aabb.
Page 401: Working With Tags
• Valid characters for the key property are UTF-8 letters and numbers, space, and special characters + - = . _ : / and @. Working with Tags You can work with tags by using the Storage Gateway console, the Storage Gateway API, or the Storage Gateway Command Line Interface (CLI).
Page 402: See Also
In this section, you can ﬁnd information about third party tools and licenses that we depend on to deliver AWS Storage Gateway functionality. The source code for certain open-source software components that are included with the AWS Storage Gateway software is available for download at the following locations: •...
Page 403: Limits For Volumes
Note If you create a snapshot from a cached volume that is more than 16 TiB in size, you can restore it to a Storage Gateway volume but not to an Amazon Elastic Block Store (Amazon EBS) volume. Maximum number of volumes per...
Page 404: Recommended Local Disk Sizes For Your Gateway
Using Storage Classes AWS Storage Gateway supports the Amazon S3 Standard, Amazon S3 Standard-Infrequent Access, Amazon S3 One Zone-Infrequent Access and Glacier storage classes. For more information about storage...
Page 405: Using Glacier Storage Class With File Gateway
AWS Storage Gateway User Guide Using GLACIER Storage Class With File Gateway Using GLACIER Storage Class With File Gateway If you transition a ﬁle to Glacier through Amazon S3 Lifecycle Policies and the ﬁle is visible to your ﬁle share clients through the cache, you get IO errors when you update the ﬁle. We recommend that you set up CloudWatch Events to receive notiﬁcation when these IO errors occur and use the notiﬁcation...
Page 406: Api Reference
API Reference for AWS Storage Gateway In addition to using the console, you can use the AWS Storage Gateway API to programmatically conﬁgure and manage your gateways. This section describes the AWS Storage Gateway operations, request signing for authentication and the error handling. For information about the regions and...
Page 407: Signing Requests
API Reference for AWS Storage Gateway (p. 399). Signing Requests AWS Storage Gateway requires that you authenticate every request you send by signing the request. To sign a request, you calculate a digital signature using a cryptographic hash function. A cryptographic API Version 2013-06-30...
Page 408: Example Signature Calculation
Task 1: Create a Canonical Request Rearrange your HTTP request into a canonical format. Using a canonical form is necessary because AWS Storage Gateway uses the same canonical form when it recalculates a signature to compare with the one you sent.
Page 409: Error Responses
The last line of the canonical request is the hash of the request body. Also, note the empty third line in the canonical request. This is because there are no query parameters for this API (or any AWS Storage Gateway APIs).
Page 410: Exceptions
AWS Storage Gateway User Guide Exceptions Depending on the type of error, AWS Storage Gateway may return only just an exception, or it may return both an exception and an operation error code. Examples of error responses are shown in the Error Responses (p.
Page 411: Operation Error Codes
Operation Error Codes The following table shows the mapping between AWS Storage Gateway operation error codes and APIs that can return the codes. All operation error codes are returned with one of two general exceptions—InternalServerError and InvalidGatewayRequestException—described in Exceptions (p.
Page 412 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code AddWorkingStorage CreateStorediSCSIVolume The speciﬁed disk is not CreateStorediSCSIVolume DiskSizeNotGigAligned gigabyte-aligned. The speciﬁed disk size CreateStorediSCSIVolume DiskSizeGreaterThanVolumeMaxSize is greater than the maximum volume size.
Page 413 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code A gateway internal error AddCache GatewayInternalError occurred. AddUploadBuﬀer AddWorkingStorage CreateCachediSCSIVolume CreateSnapshot CreateStorediSCSIVolume CreateSnapshotFromVolumeRecoveryPoint DeleteBandwidthRateLimit DeleteChapCredentials DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime...
Page 414 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code The speciﬁed gateway is AddCache GatewayNotConnected not connected. AddUploadBuﬀer AddWorkingStorage CreateCachediSCSIVolume CreateSnapshot CreateStorediSCSIVolume CreateSnapshotFromVolumeRecoveryPoint DeleteBandwidthRateLimit DeleteChapCredentials DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation...
Page 415 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code The speciﬁed gateway AddCache GatewayNotFound was not found. AddUploadBuﬀer AddWorkingStorage CreateCachediSCSIVolume CreateSnapshot CreateSnapshotFromVolumeRecoveryPoint CreateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials...
Page 416 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code UpdateSnapshotSchedule The speciﬁed gateway AddCache GatewayProxyNetworkConnectionBusy proxy network AddUploadBuﬀer connection is busy. AddWorkingStorage CreateCachediSCSIVolume CreateSnapshot CreateSnapshotFromVolumeRecoveryPoint CreateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteVolume DescribeBandwidthRateLimit DescribeCache...
Page 417 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code An internal error ActivateGateway InternalError occurred. AddCache AddUploadBuﬀer AddWorkingStorage CreateCachediSCSIVolume CreateSnapshot CreateSnapshotFromVolumeRecoveryPoint CreateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation...
Page 418 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code UpdateGatewayInformation UpdateGatewaySoftwareNow UpdateSnapshotSchedule API Version 2013-06-30...
Page 419 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code The speciﬁed request ActivateGateway InvalidParameters contains invalid AddCache parameters. AddUploadBuﬀer AddWorkingStorage CreateCachediSCSIVolume CreateSnapshot CreateSnapshotFromVolumeRecoveryPoint CreateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes...
Page 420 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code UpdateGatewayInformation UpdateGatewaySoftwareNow UpdateSnapshotSchedule The local storage limit AddCache LocalStorageLimitExceeded was exceeded. AddUploadBuﬀer AddWorkingStorage The speciﬁed LUN is CreateStorediSCSIVolume LunInvalid invalid. The maximum volume...
Page 421 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code The speciﬁed operation is ActivateGateway NotSupported not supported. AddCache AddUploadBuﬀer AddWorkingStorage CreateCachediSCSIVolume CreateSnapshot CreateSnapshotFromVolumeRecoveryPoint CreateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes...
Page 422 AWS Storage Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code UpdateGatewayInformation UpdateGatewaySoftwareNow UpdateSnapshotSchedule The speciﬁed gateway is ActivateGateway OutdatedGateway out of date. The speciﬁed snapshot is DeleteVolume SnapshotInProgressException in progress. The speciﬁed snapshot is...
Page 423: Error Responses
AWS Storage Gateway User Guide Error Responses Operation Error Code Message Operations That Return this Error Code The speciﬁed operation is AddCache UnsupportedOperationForGatewayType not valid for the type of AddWorkingStorage the gateway. CreateCachediSCSIVolume CreateSnapshotFromVolumeRecoveryPoint CreateStorediSCSIVolume DeleteSnapshotSchedule DescribeCache DescribeCachediSCSIVolumes DescribeStorediSCSIVolumes DescribeUploadBuﬀer...
Page 424 ARN request input that does not exist. "__type": "InvalidGatewayRequestException", "message": "The specified volume was not found.", "error": { "errorCode": "VolumeNotFound" The following JSON body is returned if AWS Storage Gateway calculates a signature that does not match the signature sent with a request. API Version 2013-06-30...
Page 425: Operations
"__type": "InvalidSignatureException", "message": "The request signature we calculated does not match the signature you provided." Operations in AWS Storage Gateway For a list of AWS Storage Gateway operations, see Actions in the AWS Storage Gateway API Reference. API Version 2013-06-30...
Page 426: Document History
• Latest documentation update: June 20, 2019 The following table describes important changes in each release of the AWS Storage Gateway User Guide after April 2018. For notiﬁcation about updates to this documentation, you can subscribe to an RSS feed.
Page 427 Integration with AWS AWS Storage Gateway integrates January 16, 2019 Backup (p. 419) with AWS Backup. You can now use AWS Backup to back up on- premises business applications that use Storage Gateway volumes for cloud-backed storage. For more information, Backing Up Your Volumes.
Page 428: Earlier Updates
DEEP_ARCHIVE). For more information, see Testing Your Setup by Using NovaStor DataCenter/Network. Earlier Updates The following table describes important changes in each release of the AWS Storage Gateway User Guide before May 2018. Change Description Date Changed Support for S3 One For ﬁle gateways, you can now choose S3 One Zone_IA...
Page 429 (GLACIER or DEEP_ARCHIVE). For more information, see Testing Your Setup by Using Dell EMC NetWorker (p. 95). New Region AWS Storage Gateway is now available in the EU December 18, 2017 (Paris) Region. For detailed information, see Regions (p. 10). Support for ﬁle File gateways now enable you to get notiﬁcation...
Page 430 (VTL). For more information, see Viewing Tape Usage (p. 181). New Region AWS Storage Gateway is now available in the Asia Paciﬁc May 02, 2017 (Mumbai) Region. For detailed information, see Regions (p. 10).
Page 431 Glacier. For more information, see Testing Your Setup by Using Micro Focus (HPE) Data Protector (p. 99). New Region AWS Storage Gateway is now available in the US East October 17, 2016 (Ohio) Region. For detailed information, see Regions (p. 10).
Page 432 AWS Storage Gateway console Limits (p. 395). You can now set the password for your VM local console on the AWS Storage Gateway Console. For information, Setting the Local Console Password from the Storage Gateway Console (p. 253).. Compatibility Tape gateway is now compatible with Dell EMC...
Page 433 Conﬁguring hypervisor Network Adapters for Your Gateway (p. 264). Performance The maximum upload rate for AWS Storage Gateway enhancements has increased to 120 MB a second, and the maximum download rate has increased to 20 MB a second. Miscellaneous enhancements and...
Page 434 10). This release includes the following AWS Storage Gateway improvements and updates: • From the AWS Storage Gateway console, you can now see the date and time the last successful software update was applied to your gateway. For more information, see Managing Gateway Updates Using the AWS Storage Gateway Console (p.
Page 435 AWS CloudTrail to CloudTrail. AWS CloudTrail captures API calls made by or capture API calls on behalf of AWS Storage Gateway in your AWS account and delivers the log ﬁles to an Amazon S3 bucket that you specify. For more information, see Logging Storage Gateway API Calls with AWS CloudTrail (p.
Page 436 Clustering (WSFC). However, you can't connect multiple Support for VMware hosts to that same volume without using WSFC. ESX initiator • AWS Storage Gateway now enables you to manage storage connectivity directly through your ESX host. Support for This provides an alternative to using initiators resident performing in the guest OS of your VMs.
Page 437 • To get started with tape gateway, see Creating a Tape Gateway (p. 75). Support for AWS Storage Gateway now provides the ability to deploy April 10, 2013 Microsoft Hyper-V an on-premises gateway on the Microsoft Hyper-V virtualization platform. Gateways deployed on Microsoft Hyper-V have all the same functionality and features as the existing on-premises storage gateway.
Page 438 You can also try a test setup. For instructions, see Creating a Tape Gateway (p. 75). API and IAM support In this release, AWS Storage Gateway introduces API May 9, 2012 support as well as support for AWS Identity and Access Management(IAM).

AWS Storage Gateway User Manual

Quick Links

Troubleshooting

Need help?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for AWS Storage Gateway