AWS Storage Gateway User Manual Download Page 62

Page: 62 / 438

AWS Storage Gateway User Guide

Using Your File Share

When you enter allowed users and groups, you are creating a whitelist. Without a whitelist, all

authenticated Microsoft AD users can access the SMB ﬁle share. Any users and groups that are

marked as denied are added to a blacklist and can't access the SMB ﬁle share. In instances where a

user or group is on both the blacklist and whitelist, the blacklist takes precedence.

You can enable Access Control Lists(ACLs) on your SMB ﬁle share. For information about how to

enable ACLs, see

Using Microsoft Windows ACLs to Control Access to an SMB File Share (p. 307)

Next Step

Testing Your File Gateway (p. 55)

Working with File Shares on a Bucket with Pre-exisiting Objects

You can export a ﬁle share on an Amazon S3 bucket with objects created outside of the ﬁle gateway

using either NFS or SMB. Objects in the bucket that were created outside of the gateway display as

ﬁles in either the NFS or SMB ﬁle system when your ﬁle system clients access them. Standard Portable

Operating System Interface (POSIX) access and permissions are used in the ﬁle share. When you write

ﬁles back to an Amazon S3 bucket, the ﬁles assume the properties and access rights that you give them.

You can upload objects to an S3 bucket at any time. For the ﬁle share to display these newly added

objects as ﬁles, you need to

the section called “Refreshing Objects in Your Amazon S3 Bucket” (p. 153)

ﬁrst.

Note

We don't recommend having multiple writers for one Amazon S3 bucket. If you do, be sure to

read the section "Can I have multiple writers to my Amazon S3 bucket?" in

the Storage Gateway

FAQ

To assign metadata defaults to objects accessed using NFS, see Editing Metadata Defaults in

the section

called “Managing Your File Gateway” (p. 144)

For SMB, you can export a share using Microsoft AD or guest access for an Amazon S3 bucket with pre-

existing objects. Objects exported through an SMB ﬁle share inherits POSIX ownership and permissions

from the parent directory right above it. For objects under the root folder, root Access Control Lists

(ACL) are inherited. For Root ACL, the owner is

smbguest

and the permissions for ﬁles are

666

, and the

directories are

777

. This applies to all forms of authenticated access (Microsoft AD and guest)

Testing Your File Gateway

You can copy ﬁles and folders to your mapped drive. The ﬁles automatically upload to your Amazon S3

bucket.

To upload ﬁles from your windows client to Amazon S3

1. On your Windows client, navigate to the drive that you mounted your ﬁle share on. The name of

your drive is preceded by the name of your S3 bucket.

2. Copy ﬁles or a folder to the drive.
3. On the Amazon S3 Management Console, navigate to your mapped bucket. You should see the ﬁles

and folders that you copied in the Amazon S3 bucket that you speciﬁed.

You can see the ﬁle share that you created in the

File shares

tab in the AWS Storage Gateway

Management Console.

Your NFS or SMB client can write, read, delete, rename, and truncate ﬁles.

API Version 2013-06-30

Summary of Contents for Storage Gateway

Page 1: ...AWS Storage Gateway User Guide API Version 2013 06 30 ...

Page 2: ...AWS Storage Gateway User Guide AWS Storage Gateway User Guide ...

Page 3: ... 24 Setting Up Your Hardware Appliance 25 Rack Mount and Plug In Your Hardware Appliance 25 Conﬁgure Network Parameters 27 Activate Your Hardware Appliance 29 Launching a Gateway 32 Conﬁguring an IP Address for the Gateway 33 Conﬁguring Your Gateway 34 Removing a Gateway 34 Deleting Your Hardware Appliance 34 Creating Your Gateway 36 Creating a File Gateway 36 Creating a Gateway 36 Creating a File...

Page 4: ...85 Understanding Gateway Metrics 185 AWS Storage Gateway Metrics 185 Dimensions for AWS Storage Gateway Metrics 196 Monitoring the Upload Buﬀer 196 Monitoring Cache Storage 198 Monitoring Your File Share 199 Getting Notiﬁed About File Operations 199 Understanding File Share Metrics 203 Monitoring Your Volume Gateway 204 Using Amazon CloudWatch Metrics 205 Measuring Performance Between Your Applica...

Page 5: ...ting CHAP Credentials 292 Encrypting Your Data Using AWS KMS 293 Authentication and Access Control 294 Authentication 294 Access Control 295 Overview of Managing Access 296 Using Identity Based Policies IAM Policies 299 Using Tags to Control Access to File Gateway Resources 305 Using ACLs for SMB File Share Access 307 Storage Gateway API Permissions Reference 309 Troubleshooting Your Gateway 316 T...

Page 6: ...as Failed 333 Throughput from Your Application to a Volume Has Dropped to Zero 333 A Cache Disk in Your Gateway Encounters a Failure 334 A Volume Snapshot Has PENDING Status Longer Than Expected 334 Troubleshooting Virtual Tape Issues 334 Recovering a Virtual Tape From An Unrecoverable Gateway 335 Troubleshooting Irrecoverable Tapes 337 Recovering Your Data Best Practices 338 Recovering from an Un...

Page 7: ...ce Components 395 Storage Gateway Limits 395 Limits for File Shares 395 Limits for Volumes 396 Limits for Tapes 396 Recommended Local Disk Sizes For Your Gateway 397 Using Storage Classes 397 Using Infrequent Access Storage Class With File Gateway 397 Using GLACIER Storage Class With File Gateway 398 API Reference 399 Required Request Headers 399 Signing Requests 400 Example Signature Calculation ...

Page 8: ...ns through industry standard ﬁle system protocols and provides a cost eﬀective alternative to on premises storage It also provides low latency access to data through transparent local caching A ﬁle gateway manages data transfer to and from AWS buﬀers applications from network congestion optimizes and streams data in parallel and manages bandwidth consumption File gateways integrate with AWS servic...

Page 9: ...ay Deployment p 8 Are You a First Time AWS Storage Gateway User In the following documentation you can ﬁnd a Getting Started section that covers setup information common to all gateways and also gateway speciﬁc setup sections The Getting Started section shows you how to deploy activate and conﬁgure storage for a gateway The management section shows you how to manage your gateway and resources Crea...

Page 10: ... egress charges CloudWatch metrics provide insight into resource use on the VM and data transfer to and from AWS CloudTrail tracks all API calls With ﬁle gateway storage you can do such tasks as ingesting cloud workloads to S3 performing backup and archive tiering and migrating storage data to the AWS Cloud The following diagram provides an overview of ﬁle storage deployment for Storage Gateway Vo...

Page 11: ...s the cache storage for the data before checking Amazon S3 You can use the following guidelines to determine the amount of disk space to allocate for cache storage Generally you should allocate at least 20 percent of your existing ﬁle store size as cache storage Cache storage should also be larger than the upload buﬀer This guideline helps make sure that cache storage is large enough to persistent...

Page 12: ...u maintain your volume storage on premises in your data center That is you store all your application data on your on premises storage hardware Then using features that help maintain data security the gateway uploads data to the AWS Cloud for cost eﬀective backup and rapid disaster recovery This solution is ideal if you want to keep data locally on premises because you need to have low latency acc...

Page 13: ...our data in the AWS Cloud With its virtual tape library VTL interface you use your existing tape based backup infrastructure to store data on virtual tape cartridges that you create on your tape gateway Each tape gateway is preconﬁgured with a media changer and tape drives These are available to your existing client backup applications as iSCSI devices You add tape cartridges as you need to archiv...

Page 14: ...using the Storage Gateway API When you retrieve a tape that is archived in GLACIER it becomes available in your VTL in about three to ﬁve hours after you start retrieval When you retrieve a tape that is archived in DEEP_ARCHIVE it becomes available in your VTL in about 12 hours after you start retrieval After you deploy and activate a tape gateway you mount the virtual tape drives and media change...

Page 15: ...t of volume data on premises and store periodic point in time backups snapshots in AWS In this model your on premises storage is primary delivering low latency access to your entire dataset AWS storage is the backup that you can restore in the event of a disaster in your data center For an architectural overview of volume gateways see Cached Volumes Architecture p 3 and Stored Volumes Architecture...

Page 16: ...ﬁrewall make sure that ports are accessible to the gateway VM For more information see Requirements p 10 2 For a tape gateway you have installed client backup software For more information see Supported Third Party Backup Applications for a Tape Gateway p 22 API Version 2013 06 30 9 ...

Page 17: ...g a phone call and entering a veriﬁcation code on the phone keypad For information about pricing see AWS Storage Gateway Pricing on the AWS Storage Gateway detail page AWS Regions AWS Storage Gateway stores volume snapshot tape and ﬁle data in the AWS Region in which your gateway is activated File data is stored in the AWS Region where your Amazon S3 bucket is located You select an AWS Region at t...

Page 18: ...of the gateway VM see AWS Storage Gateway Limits p 395 Requirements for Amazon EC2 Instance Types When deploying your gateway on Amazon EC2 the instance size must be at least xlarge for your gateway to function However for the compute optimized instance family the size must be at least 2xlarge Use one of the following instance types recommended for your gateway type Recommended for ﬁle gateway typ...

Page 19: ...M4 p 324 Storage Requirements In addition to 80 GiB disk space for the VM you also need additional disks for your gateway The following table recommends sizes for local disk storage for your deployed gateway Gateway Type Cache Minimum Cache Maximum Upload Buﬀer Minimum Upload Buﬀer Maximum Other Required Local Disks File gateway 150 GiB 16 TiB Cached volume gateway 150 GiB 16 TiB 150 GiB 2 TiB Sto...

Page 20: ...ps for Your Amazon EC2 Gateway Instance p 20 Port Requirements AWS Storage Gateway requires certain ports to be allowed for its operation The following illustrations show the required ports that you must allow for each type of gateway Some ports are required by all gateway types and others are required by speciﬁc gateway types For more information about port requirements see Port Requirements p 38...

Page 21: ...teway Management Console the host from which you connect to the console must have access to your gateway s port 80 UDP UDP 53 DNS Outbound Storage Gateway Domain Name Service DNS server For communication between AWS Storage Gateway and the DNS server TCP 22 Support channel Outbound Storage Gateway AWS Support Allows AWS Support to access your gateway to help you with troubleshooting gateway issues...

Page 22: ...y need to use Microsoft Active Directory when you want to allow domain users to access an Server Message Block SMB ﬁle share You can join your ﬁle gateway to any valid Microsoft Windows domain resolvable by DNS You can also use the AWS Directory Service to create an AWS managed Microsoft Active Directory in the AWS Cloud For most AWS managed Active Directory deployments you need to conﬁgure the Dy...

Page 23: ...v3 Inbound NFSv3 client Storage Gateway For local systems to connect to the port mapper that your gateway exposes Note This port is needed only for NFSv3 TCP UDP 20048 NFSv3 Inbound NFSv3 client Storage Gateway For local systems to connect to mounts that your gateway exposes Note This port is needed only for NFSv3 Ports for volume and tape gateways The following illustration shows the ports to ope...

Page 24: ... Storage Gateway Hardware Appliance Each AWS Storage Gateway Hardware Appliance requires the following network services Internet access an always on network connection to the internet through any network interface on the server DNS services DNS services for communication between the hardware appliance and DNS server Time synchronization an automatically conﬁgured Amazon NTP time service must be re...

Page 25: ...m as designed a hardware appliance requires network and ﬁrewall settings as follows Conﬁgure all connected network interfaces in the hardware console Make sure that each network interface is on a unique subnet Provide all connected network interfaces with outbound access to the endpoints listed in the diagram preceding Conﬁgure at least one network interface to support the hardware appliance For m...

Page 26: ...agegateway region amazonaws com cn 443 dp 1 storagegateway region amazonaws com cn 443 The following service endpoint is required to make API calls storagegateway region amazonaws com cn 443 The Amazon S3 service endpoint shown following is used by ﬁle gateways only A ﬁle gateway requires this endpoint to access the S3 bucket that a ﬁle share maps to If your gateway can t determine the AWS Region ...

Page 27: ...on EC2 User Guide for Linux Instances Regardless of the security group that you use we recommend the following The security group should not allow incoming connections from the outside internet It should allow only instances within the gateway security group to communicate with the gateway If you need to allow instances to connect to the gateway from outside its security group we recommend that yo...

Page 28: ...ns activate a new gateway and recover your data to that gateway For more information see Recovering from an Unexpected Virtual Machine Shutdown p 338 AWS Storage Gateway doesn t support dynamic memory and virtual memory ballooning Supported NFS Clients for a File Gateway File gateways support the following Network File System NFS clients Amazon Linux Mac OS X RHEL 7 SUSE Linux Enterprise Server 11...

Page 29: ...R2 Windows Server 2008 and Windows Server 2008 R2 Windows 7 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 VMware ESX Initiator which provides an alternative to using initiators in the guest operating systems of your VMs Important Storage Gateway doesn t support Microsoft Multipath I O MPIO from Windows clients Storage Gateway supports connecting multiple hosts to...

Page 30: ...ose the medium changer that s listed for your backup application Other medium changers might not function properly You can choose a diﬀerent medium changer after the gateway is activated For more information see Selecting a Medium Changer After Gateway Activation p 358 Accessing AWS Storage Gateway You can use the AWS Storage Gateway Management Console to perform various gateway conﬁguration and m...

Page 31: ...side your corporate ﬁrewall When you purchase and activate your hardware appliance the activation process associates your hardware appliance with your AWS account After activation your hardware appliance appears in the console as a gateway on the Hardware page You can conﬁgure your hardware appliance as a ﬁle gateway tape gateway or volume gateway type The procedure that you use to deploy and acti...

Page 32: ...his provides a larger cache for low latency access to data in AWS To increase the usable storage to 12 TB you can buy ﬁve 1 92 TB SSDs solid state drives which is available on the Amazon Website and add them to the hardware appliance before you activate it If you have already activated the hardware appliance and want to increase the usable storage on the appliance to 12 TB do the following 1 First...

Page 33: ...rt is the ﬁrst of the four physical network ports on the rear from left to right Note The hardware appliance doesn t support VLAN trunking Set up the switch port to which you are connecting the hardware appliance as a non trunked VLAN port 3 Plug in the keyboard and monitor 4 Power on the server by pressing the Power button on the front panel as shown in the following image After the server boots ...

Page 34: ...ext Step Conﬁgure Network Parameters p 27 Conﬁgure Network Parameters After the server boots up you can enter your ﬁrst password in the hardware console as described in Rack Mount Your Hardware Appliance and Connect It to Power p 25 Next on the hardware console take the following steps to conﬁgure network parameters so your hardware appliance can connect to AWS API Version 2013 06 30 27 ...

Page 35: ...r to your physical network port If you do so note this IPv4 address for later use in the activation step Assign a static IPv4 address To do so choose Static in the em1 section and press Enter to view the Conﬁgure Static IP screen shown following The em1 section is at upper left section in the group of port settings After you have entered a valid IPv4 address press the Down arrow or Tab Note If you...

Page 36: ...ivate Your Hardware Appliance p 29 Activate Your Hardware Appliance After conﬁguring your IP address you enter this IP address in the console on the Hardware page as described following The activation process validates that your hardware appliance has the appropriate security credentials and registers the appliance to your AWS account AWS Storage Gateway Hardware Appliance is only available in the...

Page 37: ...For activation only the following must be true Your browser must be on the same network as your hardware appliance Your ﬁrewall must allow HTTP access on port 8080 to the appliance for inbound traﬃc 2 Choose Get started to view the Create gateway wizard and then choose Hardware Appliance on the Select host platform page as shown following 3 Choose Next to view the Connect to hardware screen shown ...

Page 38: ...me Manager set to ZFS ZFS RAID is a software based open source ﬁle system and logical volume manager We recommend using ZFS for most hardware appliance use cases because it oﬀers superior performance and integration compared with MD RAID The hardware appliance is speciﬁcally tuned for ZFS RAID For more information on ZFS RAID see the ZFS Wikipedia page If you don t want to accept CDDL license term...

Page 39: ...Management Console and open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 2 Choose Hardware 3 For Actions choose Launch Gateway 4 For Gateway Type choose File Gateway Tape Gateway or Volume Gateway Cached 5 For Gateway name enter a name for your gateway Names can be 255 characters long and can t include a slash character 6 Choose Launch gateway The Storage Gatew...

Page 40: ... default account is sguser the default password is sgpassword 3 Change the default password Choose Actions then Set Local Password and enter your new credentials in the Set Local Password dialog box 4 Optional Conﬁgure your proxy settings See the section called Setting the Local Console Password from the Storage Gateway Console p 253 for instructions 5 Navigate to the Network Settings page of the ...

Page 41: ...eleting Your Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources p 281 Deleting a gateway doesn t delete the hardware appliance from the console The hardware appliance remains for future gateway deployments Deleting Your Hardware Appliance After you activate your Hardware Appliance in your AWS account you might have a need to move and activate it in a diﬀerent AWS ac...

Page 42: ...ur Hardware Appliance When you delete the hardware appliance all the resources associated with the gateway that is installed on the appliance are delete also but the data on the hardware appliance itself is not deleted API Version 2013 06 30 35 ...

Page 43: ...e Topics Creating a File Gateway p 36 Creating a Volume Gateway p 56 Creating a Tape Gateway p 75 Activating a Gateway in a Virtual Private Cloud p 133 Creating a File Gateway In this section you can ﬁnd instructions about how to create and use a ﬁle gateway Topics Creating a Gateway p 36 Creating a File Share p 42 Using Your File Share p 51 Creating a Gateway In this section you can ﬁnd instructi...

Page 44: ...ou chose choose Gateways from the navigation pane and then choose Create gateway 3 On the Select gateway type page choose File gateway and then choose Next Choosing a Host Platform and Downloading the VM If you create your gateway on premises you deploy the hardware appliance or download and deploy a gateway VM and then activate the gateway If you create your gateway on an Amazon EC2 instance you ...

Page 45: ...red in thick provisioned format Conﬁgure your gateway VM to use paravirtualized disk controllers For more information see Conﬁguring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers p 346 If you choose Microsoft Hyper V do the following Conﬁgure the disk type as Fixed size When you use ﬁxed size provisioning the disk storage is allocated immediately resulting in better performanc...

Page 46: ...dpoint 1 For Endpoint type you have the following options To make your gateway access AWS services over the public Internet choose Public To make your gateway access AWS services through the VPC endpoint in your VPC choose VPC This walkthorough assumes that you are activating your gateway with a public endpoint For Information about how to activate a gateway using a VPC endpoint see Activating a G...

Page 47: ...ances and then choose the EC2 instance 3 Choose the Description tab at the bottom and then note the IP address You use this IP address to activate the gateway For activation you can use the public or private IP address assigned to a gateway You must be able to reach the IP address that you use from the browser from which you perform the activation In this walkthrough we use the public IP address t...

Page 48: ...gion where your gateway will be activated and where your data will be stored If Endpoint type is VPC the AWS Region should be same as the Region where your VPC Endpoint is located 3 Choose Activate gateway 4 If activation is not successful see Troubleshooting Your Gateway p 316 for possible solutions Conﬁguring Local Disks When you deployed the VM you allocated local disks for your gateway Now you...

Page 49: ...f authentication A ﬁle share with Microsoft Active Directory AD access Any authenticated Microsoft AD user gets access to this ﬁle share type An SMB ﬁle share with limited access Only certain domain users and groups that you specify are allowed access white listed Users and groups can also be denied access black listed An SMB ﬁle share with guest access Any users who can provide the guest password...

Page 50: ...own AWS KMS key you must enable SSE KMS encryption When you do so provide the Amazon Resource Name ARN of the KMS key when you create your ﬁle share You can also update KMS settings for your ﬁle share by using the UpdateNFSFileShare or UpdateSMBFileShare API operation This update applies to objects stored in the Amazon S3 buckets after the update Topics Creating an NFS File Share p 43 Creating an ...

Page 51: ...Account Access p 146 Choose Enable requester pays if you are using this ﬁle share on a bucket that requires the requester or reader instead of bucket owner to pay for access charges For more information see Requester Pays Buckets 8 For Access to your bucket choose the AWS Identity and Access Management IAM role that you want your gateway to use to access your Amazon S3 bucket This role allows the ...

Page 52: ... choose Create ﬁle share After your NFS ﬁle share is created you can see your ﬁle share settings in the ﬁle share s Details tab Next Step Mounting Your NFS File Share on Your Client p 51 Creating an SMB File Share Before you create an SMB ﬁle share make sure that you conﬁgure security settings and SMB settings for your ﬁle gateway You also conﬁgure either Microsoft Active Directory AD or guest acc...

Page 53: ...le gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled Client negotiated if you choose this option requests are established based on what is negotiated by the client This option is recommended when you want to maximize compatibility across diﬀerent clients in your environment Note For gateways activated before June 20 2019 the default security level is Client nego...

Page 54: ...e to create a hosted Microsoft Active Directory domain service in the AWS Cloud 6 For Domain user enter your account name Your account must be able to join a server to a domain 7 For Domain password enter your account password 8 For Organizational unit enter your organizational unit 9 For Domain controllers enter a comma separated list of Internet Protocol version 4 IPv4 addresses NetBios names or...

Page 55: ... your logon was not recognized by the domain service The error message The gateway cannot connect to the specified domain can indicate that the quota of users has been exhausted in other words there are no more users in the quota The default limit allows each user to join up to 10 systems to a domain This error can also appear if the user that tried to connect didn t have administrator privileges ...

Page 56: ...lability Zones that are geographically separated Choose S3 Standard IA to store your infrequently accessed object data redundantly in multiple Availability Zones that are geographically separated Choose S3 One Zone IA to store your infrequently accessed object data in a single Availability Zone For more information see Storage Classes in the Amazon Simple Storage Service Developer Guide 7 For Obje...

Page 57: ... 10 For Microsoft AD authentication make sure that Active Directory appears for Select authentication method Microsoft AD access is the default authentication method Note For Microsoft AD access your ﬁle gateway must be joined to a domain For guest access you must have set a guest access password Both access types are available at the same time 11 For Export as choose Read write the default or Rea...

Page 58: ...hare on the AWS Management Console In following sections you can ﬁnd details on how to mount your ﬁle share on your client use your share test your ﬁle gateway and clean up resources as needed Topics Mounting Your NFS File Share on Your Client p 51 Mounting Your SMB File Share on Your Client p 52 Working with File Shares on a Bucket with Pre exisiting Objects p 55 Testing Your File Gateway p 55 Wh...

Page 59: ...r mount options after mounting by running the mount command with no options The response should that conﬁrm the ﬁle share was mounted using the latest options you provided It also should conﬁrm that you are not using cached old entries which take at least 60 seconds to clear Next Step Testing Your File Gateway p 55 Mounting Your SMB File Share on Your Client Now you mount your SMB ﬁle share and ma...

Page 60: ...ess the Windows key and type cmd to view the command prompt menu item 2 Open the context right click menu for Command Prompt and choose Run as administrator 3 Type the following command C cmdkey add Gateway VM IP address user DomainName UserName pass Password Note When mounting ﬁle shares be aware of the following You might have a case where a folder and an object exist in an Amazon S3 bucket and ...

Page 61: ...torage Gateway Management Console You can also refresh the data in the ﬁle share s cache and delete a ﬁle share from the console To modify your SMB ﬁle share s properties 1 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 2 On the navigation pane choose File Shares 3 On the File Share page select the check box by the SMB ﬁle share that you want to modify 4 For...

Page 62: ...3 Bucket p 153 ﬁrst Note We don t recommend having multiple writers for one Amazon S3 bucket If you do be sure to read the section Can I have multiple writers to my Amazon S3 bucket in the Storage Gateway FAQ To assign metadata defaults to objects accessed using NFS see Editing Metadata Defaults in the section called Managing Your File Gateway p 144 For SMB you can export a share using Microsoft A...

Page 63: ...f this guide include information about how to do the following To manage your ﬁle gateway see Managing Your File Gateway p 144 To optimize your ﬁle gateway see Optimizing Gateway Performance p 287 To troubleshoot gateway problems see Troubleshooting Your Gateway p 316 To learn about Storage Gateway metrics and how you can monitor how your gateway performs see Monitoring Your Gateway and Resources ...

Page 64: ...hed volumes p 3 Store your data in AWS and retain a copy of frequently accessed data subsets locally Stored volumes p 5 Store all your data locally and asynchronously back up point in time snapshots to AWS To choose a gateway type 1 Open the AWS Management Console at http console www amazonaws cn storagegateway home and choose the AWS Region that you want to create your gateway in If you have prev...

Page 65: ...ize and might take some time to download depending on your network connection For EC2 you create an instance from the provided AMI 3 Deploy the downloaded image to your hypervisor You need to add at least one local disk for your cache and one local disk for your upload buﬀer during the deployment A ﬁle gateway requires only one local disk for a cache For information about local disk requirements s...

Page 66: ...he correct time and synchronize it with a Network Time Protocol NTP server If you choose EC2 do the following Launch an Amazon Machine Image AMI that contains the gateway VM image and then activate the gateway For information about deploying your gateway to an Amazon EC2 host see Deploying a Volume or Tape Gateway on an Amazon EC2 Host p 349 If you choose the hardware appliance see Activate Your H...

Page 67: ...able To get the IP address for your gateway VM from the local console 1 Log on to your gateway VM local console For detailed instructions see the following VMware ESXi Accessing the Gateway Local Console with VMware ESXi p 273 Microsoft Hyper V Access the Gateway Local Console with Microsoft Hyper V p 274 2 Get the IP address from the top of the menu page and make note of it for later use To get t...

Page 68: ...y setting Gateway Time Zone speciﬁes the time zone to use for your gateway Gateway Name identiﬁes your gateway You use this name to manage your gateway in the console you can change it after the gateway is activated This name must be unique to your account The following screenshot shows the activation page for a volume gateway 2 AWS Region speciﬁes the AWS Region where your gateway will be activat...

Page 69: ... the size of existing disks if the disks have been previously allocated as either a cache or upload buﬀer For a cached volume p 3 you conﬁgure at least one disk for an upload buﬀer and the other for cache storage For a stored volume p 5 you conﬁgure at least one disk for an upload buﬀer and allocate the rest of the storage for your application data To conﬁgure local disks 1 On the Conﬁgure local d...

Page 70: ...g the volume for For cached volumes you have the following options Create a new empty volume Create a volume based on an Amazon EBS snapshot If you choose this option provide a value for EBS snapshot ID Clone from last volume recovery point If you choose this option choose a volume ID for Source volume If there are no volumes in the region this option doesn t appear For stored volumes you have the...

Page 71: ...tication for Your Volumes p 64 following If you don t want to set up CHAP get started using your volume For more information see Using Your Volume p 65 Conﬁgure CHAP Authentication for Your Volumes CHAP provides protection against playback attacks by requiring authentication to access your storage volume targets In the Conﬁgure CHAP Authentication dialog box you provide information to conﬁgure CHA...

Page 72: ...oft Windows Client p 65 Connecting to a Red Hat Enterprise Linux Client p 65 Connecting to a Microsoft Windows Client The following procedure shows a summary of the steps that you follow to connect to a Windows client For more information see Connecting iSCSI Initiators p 364 To connect to a Windows client 1 Start iscsicpl exe 2 In the iSCSI Initiator Properties dialog box choose the Discovery tab...

Page 73: ...rect GATEWAY_IP and IQN in the connect command Use the following command sudo sbin iscsiadm mode node targetname iqn 1997 05 com amazon ISCSI_TARGET_NAME portal GATEWAY_IP 3260 1 login 5 Verify that the volume is attached to the client machine the initiator To do so use the following command ls l dev disk by path The output of the command should look like the following example output lrwxrwxrwx 1 ...

Page 74: ...ick menu for the disk and then choose New Simple Volume Important Be careful not to format the wrong disk Check to make sure that the disk you are formatting matches the size of the local disk you allocated to the gateway VM and that it has a status of Unallocated c Specify the maximum disk size d Assign a drive letter or path to your volume and format the volume by choosing Perform a quick format...

Page 75: ...the partition and create a ﬁle system by using the following command sudo mkfs drive letter datapartition dev your volume 7 Mount the ﬁle system by using the following command sudo mount o defaults dev your volume mnt your directory Testing Your Gateway You test your volume gateway setup by performing the following tasks 1 Write data to the volume 2 Take a snapshot 3 Restore the snapshot to anothe...

Page 76: ...re Do I Go from Here In the preceding sections you created and provisioned a gateway and then connected your host to the gateway s storage volume You added data to the gateway s iSCSI volume took a snapshot of the volume and restored it to a new volume connected to the new volume and veriﬁed that the data shows up on it After you ﬁnish the exercise consider the following If you plan on continuing ...

Page 77: ... formula takes into account the diﬀerence between throughput from your application to your gateway and throughput from your gateway to AWS multiplied by how long you expect to write data For example assume that your applications write text data to your gateway at a rate of 40 MB per second for 12 hours a day and your network throughput is 12 MB per second Assuming a compression factor of 2 1 for t...

Page 78: ... back up your on premises AWS Storage Gateway volumes using the native snapshot scheduler in Storage Gateway or AWS Backup In both cases Storage Gateway volume backups are stored as Amazon EBS snapshots in AWS Topics Using Storage Gateway to Back Up Your Volumes p 71 Using AWS Backup to Back Up Your Volumes p 71 Using Storage Gateway to Back Up Your Volumes You can use the Storage Gateway Manageme...

Page 79: ...e managed through AWS Backup to any on premises gateway or in cloud gateway You can also restore such a volume to an Amazon EBS volume that you can use with Amazon EC2 instances Beneﬁts of Using AWS Backup to Back Up Storage Gateway Volumes The beneﬁts of using AWS Backup to back up Storage Gateway volumes are that you can meet compliance requirements avoid operational burden and centralize backup...

Page 80: ...an on demand backup of the Storage Gateway volume choose Create on demand backup with AWS Backup You are directed the AWS Backup console If you want to create a new AWS Backup plan choose Create AWS backup plan You are directed to the AWS Backup console API Version 2013 06 30 73 ...

Page 81: ... User Guide For more information see Recovery Points in the AWS Backup User Guide To ﬁnd and restore your volumes 1 Open the AWS Backup console and ﬁnd the Storage Gateway volume backup that you want to restore You can restore the Storage Gateway volume backup to an Amazon EBS volume or to a Storage Gateway volume Choose the appropriate option for your restore requirements 2 For Restore type choos...

Page 82: ... gateway Topics Choosing a Gateway Type p 75 Choosing a Host Platform and Downloading the VM p 76 Choosing a Service Endpoint p 39 Connecting to Your Gateway p 78 Activating Your Gateway p 79 Conﬁguring Local Disks p 81 Choosing a Gateway Type For a tape gateway p 6 you store and archive your data on virtual tapes in AWS A tape gateway eliminates some of the challenges associated with owning and o...

Page 83: ...ance you launch an Amazon Machine Image AMI that contains the gateway VM image and then activate the gateway For information about supported host platforms see Supported Hypervisors and Host Requirements p 20 Note You can run only ﬁle cached volume and tape gateways on an Amazon EC2 instance To select a host platform and download the VM 1 On the Select host platform page choose the virtualization ...

Page 84: ...ks must be stored in ﬁxed size provisioned format When allocating disks choose virtual hard disk vhd ﬁle Storage Gateway supports the vhdx ﬁle type By using this ﬁle type you can create larger virtual disks than with other ﬁle types If you create a vhdx type virtual disk make sure that the size of the virtual disks that you create doesn t exceed the recommended disk size for your gateway For both ...

Page 85: ...zon EC2 instance you can get the IP address from the Amazon EC2 console The activation process associates your gateway with your AWS account Your gateway VM must be running for activation to succeed Make sure that you select the correct gateway type The ova ﬁles and AMIs for the gateway types are diﬀerent and are not interchangeable To get the IP address for your gateway VM from the local console ...

Page 86: ...to Your Gateway p 391 Activating Your Gateway When your gateway VM is deployed and running you can conﬁgure your gateway settings and activate your gateway If activation fails check that the IP address you entered is correct If the IP address is correct conﬁrm that your network is conﬁgured to let your browser access the gateway VM For more information on troubleshooting see Troubleshooting On Pre...

Page 87: ...edium changer type Medium changer type speciﬁes the type of medium changer to use for your backup application The type of medium changer you choose depends on the backup application you plan to use The following table lists third party backup applications that have been tested and found to be compatible with tape gateways This table includes the medium changer type recommended for each backup appl...

Page 88: ...gateway When the gateway is successfully activated the AWS Storage Gateway console displays the Conﬁgure local storage page If activation is not successful see Troubleshooting Your Gateway p 316 for possible solutions Conﬁguring Local Disks When you deployed the VM you allocated local disks for your gateway Now you conﬁgure your gateway to use these disks Note If you allocate local disks on a VMwa...

Page 89: ...ntly you can do this by using the AWS Storage Gateway API Reference For more information see CreateTapes or create tapes To create virtual tapes 1 In the navigation pane choose the Gateways tab 2 Choose Create tapes to open the Create tapes dialog box 3 For Gateway choose a gateway The tape is created for this gateway 4 For Number of tapes choose the number of tapes you want to create For more inf...

Page 90: ...utomatically archived in DEEP_ARCHIVE You use DEEP_ARCHIVE for long term data retention and digital preservation where data is accessed once or twice a year You can retrieve tapes archived in DEEP_ARCHIVE within 12 hours For detailed information see Storage Classes for Archiving Objects If you archive a tape in GLACIER you can move it to DEEP_ARCHIVE later For more information see Moving Your Tape...

Page 91: ...rives and the medium changer appear in the Discovered targets box The status for the targets is Inactive 6 Choose the ﬁrst device and connect it You connect the devices one at a time 7 Connect all of the targets On a Windows client the driver provider for the tape drive must be Microsoft Use the following procedure to verify the driver provider and update the driver and provider if necessary To ve...

Page 92: ...ut of the discovery command looks like the following example output For volume gateways GATEWAY_IP 3260 1 iqn 1997 05 com amazon myvolume For tape gateways iqn 1997 05 com amazon GATEWAY_IP tapedrive 01 4 Connect to a target Make sure to specify the correct GATEWAY_IP and IQN in the connect command Use the following command sudo sbin iscsiadm mode node targetname iqn 1997 05 com amazon ISCSI_TARGE...

Page 93: ...Using Dell EMC NetWorker p 95 Testing Your Setup by Using IBM Spectrum Protect p 97 Testing Your Setup by Using Micro Focus HPE Data Protector p 99 Testing Your Setup by Using Microsoft System Center Data Protection Manager p 104 Testing Your Setup by Using NovaStor DataCenter Network p 107 Testing Your Setup by Using Quest NetVault Backup p 112 Testing Your Setup by Using Veeam Backup Replication...

Page 94: ...ot found in the Arcserve software try restarting the tape engine in Arcserve To restart the tape engine 1 Choose Quick Start choose Administration and then choose Device 2 On the navigation menu open the context right click menu for your gateway and choose an import export slot 3 Choose Quick Import and assign your tape to an empty slot 4 Open the context right click menu for your gateway and choo...

Page 95: ...chive a tape 1 From the Quick Start menu open the restore a backup session 2 Choose the Source tab and then choose the ﬁle system or database system you want to back up 3 Choose the Schedule tab and choose the repeat method you want to use 4 Choose your gateway open the context right click menu for one tape and then choose Import Export Slot 5 Assign a mail slot to load the tape The status in the ...

Page 96: ...stems 2 Install the Bacula Enterprise software on your on premises or in cloud computer For information about how to get the installation software see Enterprise Backup for Amazon S3 and AWS Storage Gateway For additional installation guidance see the Bacula whitepaper Using Cloud Services and Object Storage with Bacula Enterprise Edition Conﬁguring Bacula to Work with VTL Devices Next conﬁgure Ba...

Page 97: ...rive 0 Archiving a Tape When all backup jobs for a particular tape are done and you can archive the tape use the mtx changer script to move the tape from the storage slot to the I E slot This action is similar to the eject action in other backup applications To archive a tape 1 Transfer the tape from the storage slot to the I E slot by using the opt bacula scripts mtx changer command For example t...

Page 98: ... p 91 Creating a Storage Policy and a Subclient p 92 Backing Up Data to a Tape in Commvault p 93 Archiving a Tape in Commvault p 93 Restoring Data from a Tape p 94 Conﬁguring Commvault to Work with VTL Devices After you connect the VTL devices to the Windows client you conﬁgure Commvault to recognize them For information about how to connect VTL devices to the Windows client see Connecting Your VT...

Page 99: ...in your library open the context right click menu for your library and then choose Discover Media Media location Media Library 11 To mount your tapes open the context right click menu for your media and then choose Load Creating a Storage Policy and a Subclient Every backup and restore job is associated with a storage policy and a subclient policy A storage policy maps the original location of the...

Page 100: ...bclient property box choose the Storage Device tab choose a storage policy from Storage policy and then choose OK 6 In the Backup Schedule window that appears associate the new subclient with a backup schedule 7 Choose Do Not Schedule for one time or on demand backups and then choose OK You should now see your subclient in the defaultBackupSet tab Backing Up Data to a Tape in Commvault You create ...

Page 101: ...ick it and then choose Browse and Restore 4 In the Browse and Restore Options dialog box choose View Content 5 Choose the ﬁles that you want to restore and then choose Recover All Selected 6 Choose Home and then choose Job Controller to monitor the status of your restore job To restore data from an archived and retrieved tape 1 In the CommCell browser choose Storage Resources choose Libraries and ...

Page 102: ...ateway p 22 Topics Conﬁguring Dell EMC NetWorker to Work with VTL Devices p 95 Enabling Import of WORM Tapes into Dell EMC NetWorker p 96 Backing Up Data to a Tape in Dell EMC NetWorker p 96 Archiving a Tape in Dell EMC NetWorker p 97 Restoring Data from an Archived Tape in Dell EMC NetWorker p 97 Conﬁguring Dell EMC NetWorker to Work with VTL Devices After you have connected your virtual tape lib...

Page 103: ...enable selected volumes are highlighted open the context right click menu for the selected volumes and then choose Deposit This action moves the tape from the I E slot into the volume slot 12 In the dialog box that appears choose Yes and then in the Load the Cartridges into dialog box choose Yes 13 If you don t have any more tapes to deposit choose No or Ignore Otherwise choose Yes to deposit addi...

Page 104: ...y you imported from your virtual tape library 3 From the list of tapes that you have written data to open the context right click menu for the tape you want to archive and then choose Eject Withdraw 4 In the conﬁrmation box that appears choose OK The archiving process can take some time to complete The initial status of the tape appears as IN TRANSIT TO VTS When archiving starts the status changes...

Page 105: ...dows 2012 To conﬁgure IBM Spectrum Protect 1 Get the correct driver package for your media changer For the tape device driver IBM Spectrum Protect requires version W12 6266 for Windows 2012 For instructions on how to get the drivers see Tape Device Driver W12 6266 for Windows 2012 on the Lenovo website Note Make sure that you install the non exclusive set of drivers 2 On your computer open Compute...

Page 106: ...ons see Supported Third Party Backup Applications for a Tape Gateway p 22 Topics Conﬁguring Micro Focus HPE Data Protector to Work with VTL Devices p 99 Preparing Virtual Tapes for Use with HPE Data Protector p 100 Loading Tapes into a Media Pool p 102 Backing Up Data to a Tape p 102 Archiving a Tape p 103 Restoring Data from a Tape p 103 Conﬁguring Micro Focus HPE Data Protector to Work with VTL ...

Page 107: ...ar unchecked unless your system requires it e Choose Next to continue 4 On the next screen specify the slots that you want to use with HP Data Protector Use a hyphen between numbers to indicate a range of slots for example 1 6 When you ve speciﬁed slots to use choose Next 5 For the standard type of media used by the physical device choose LTO_Ultrium and then choose Finish to complete the setup Yo...

Page 108: ...the drive is clean before backup SCSI Reserve Release drive to avoid tape contention For testing purposes you can leave these options disabled unchecked b On the Sizes tab set the Block size kB to Default 256 c Choose OK to close the advanced options screen and then choose Next to continue 5 On the next screen choose these options under Device Policies Device may be used for restore Device may be ...

Page 109: ...tion choose Use barcode and then choose Next 5 For Options choose Force Operation and then choose Finish You should now see your chosen slot change from a status of unassigned gray to a status of tape inserted green A series of messages appear to conﬁrm that your media is initialized At this point you should have everything conﬁgured to begin using your virtual tape library with HPE Data Protector...

Page 110: ...t before archiving it 1 Choose Slots and then choose the tape you want to check 2 Choose Objects and check what content is on the tape When you have chosen a tape to archive use the following procedure To eject and archive a tape 1 Open the context right click menu for that tape and choose Eject 2 On the AWS Storage Gateway console choose your gateway and then choose VTL Tape Cartridges and verify...

Page 111: ...tape gateway and perform a backup and restore operation For detailed information about how to use DPM see the DPM documentation on the Microsoft System Center website For more information about compatible backup applications see Supported Third Party Backup Applications for a Tape Gateway p 22 Topics Conﬁguring DPM to Recognize VTL Devices p 104 Importing a Tape into DPM p 105 Writing Data to a Ta...

Page 112: ...le on the DPM server ProgramFiles System Center 2016 R2 DPM DPM Config DPMLA xml Note If this ﬁle exists the DPMDriveMappingTool overwrites it If you want to preserve your original ﬁle create a backup copy 5 Open a command terminal change the directory to ProgramFiles System Center 2016 R2 DPM DPM Bin and run the following command C Microsoft System Center 2016 R2 DPM DPM bin DPMDriveMappingTool e...

Page 113: ...to it In the following screenshot the tape in slot 2 has been identiﬁed and is free to use but the tape in slot 3 is not Writing Data to a Tape in DPM You write data to a tape gateway virtual tape by using the same protection procedures and policies you do with physical tapes You create a protection group and add the data you want to back up and then back up the data by creating a recovery point F...

Page 114: ...d data is a two step process To restore data from an archived tape 1 Retrieve the archived tape from archive to a tape gateway For instructions see Retrieving Archived Tapes p 181 2 Use the DPM backup application to restore the data You do this by creating a recovery point as you do when restoring data from physical tapes For instructions see Recovering Client Computer Data on the DPM website Next...

Page 115: ... the context menu right click for Media Management Servers choose New and choose OK to create and prepopulate a storage node If you see an error message that says External Program did not exit correctly resolve the issue before you continue This issue requires a workaround For information about how to resolve this issue see Resolving an External Program Did Not Exit Correctly Error p 111 in the No...

Page 116: ...Scratch Pools dialog box name your scratch pool and then choose your media type 4 Choose Label Volume and create a low water mark for the scratch pool When the scratch pool is emptied down to the low water mark a warning appears 5 In the warning dialog box that appears choose OK to create the scratch pool To assign tapes to a scratch pool 1 In the left navigation menu choose Tape Library Managemen...

Page 117: ...ow to back up data using the NovaStor software see Start Backup Job in the NovaStor documentation Archiving a Tape When you archive a tape a tape gateway ejects the tape from the tape drive to the storage slot It then exports the tape from the slot to the archive by using your backup application that is NovaStor DataCenter Network To archive a tape 1 In the left navigation menu choose Tape Library...

Page 118: ...element assignment range from AWS Storage Gateway for storage drives and tape drives exceeds the number that NovaStor DataCenter Network allows Storage Gateway returns 3200 storage and import export slots which is more than the 2400 limit that NovaStor DataCenter Network allows To resolve this issue you add a conﬁguration ﬁle that enables the NovaStor software to limit the number of storage and im...

Page 119: ...0 0 Quest NetVault Backup 11 x Quest NetVault Backup 12 x In this topic you can ﬁnd basic documentation on how to conﬁgure the Quest NetVault Backup application for a tape gateway and perform a backup and restore operation For additional setup information see Backing up to Amazon AWS with Quest NetVault Backup on the Quest formerly Dell website For detailed information about how to use the Quest N...

Page 120: ...ose them to the Quest NetVault Backup application and then discover the VTL devices Adding VTL Devices To add the VTL devices 1 In Quest NetVault Backup choose Manage Devices in the Conﬁguration tab 2 On the Manage Devices page choose Add Devices 3 In the Add Storage Wizard choose Tape library media changer and then choose Next 4 On the next page choose the client machine that is physically attach...

Page 121: ...king Up Data to a Tape in the Quest NetVault Backup You create a backup job and write data to a virtual tape by using the same procedures you do with physical tapes For detailed information about how to back up data see the Quest NetVault Backup documentation Archiving a Tape by Using the Quest NetVault Backup When you archive a tape a tape gateway ejects the tape from the tape drive to the storag...

Page 122: ...reating a restoring a folder ﬁle as you do when restoring data from physical tapes For instructions see the Quest NetVault Backup 10 0 1 Administration Guide Creating a restore job in the Quest NetVault Backup documentation Next Step Cleaning Up Resources You Don t Need p 133 Testing Your Setup by Using Veeam Backup Replication You can back up your data to virtual tapes archive the tapes and manag...

Page 123: ... instructions see Updating the Device Driver for Your Medium Changer p 359 Discovering VTL Devices For the Veeam 9 backup application you must use native SCSI commands instead of a Windows driver to discover your tape library if your media changer is unknown For detailed instructions see Working with Tape Libraries To discover VTL devices 1 In the Veeam software choose Backup Infrastructure When t...

Page 124: ...u create a media pool and write data to a virtual tape by using the same procedures you do with physical tapes For detailed information about how to back up data see the Veeam documentation in the Veeam Help Center Archiving a Tape by Using Veeam When you archive a tape tape gateway moves the tape from the Veeam tape library to the oﬄine storage You begin tape archival by ejecting from the tape dr...

Page 125: ...r data to virtual tapes archive the tapes and manage your virtual tape library VTL devices by using Veritas Backup Exec In this topic you can ﬁnd basic documentation needed to perform backup and restore operations using the following versions of Backup Exec Veritas Backup Exec 2014 Veritas Backup Exec 15 Veritas Backup Exec 16 Veritas Backup Exec 20 x The procedure for using these versions of Back...

Page 126: ... tape drives However your Backup Exec license agreement might require your backup application to work with fewer than 10 tape drives In that case you must disable tape drives in the Backup Exec robotic library to leave only the number of tape drives allowed by your license agreement enabled For instructions see Disabling a Tape Drive in Backup Exec p 122 4 After the restart is completed close the ...

Page 127: ...u must have tapes available in your gateway tape library to import a tape into a storage slot For instructions on how to create tapes see Adding Virtual Tapes p 178 3 Open the context right click menu for an empty slot choose Import and then choose Import media now In the following screenshot slot number 3 is empty You can select more than one slot and import multiple tapes in a single import oper...

Page 128: ...ls and then choose Respond OK in the Alert Media Intervention window In the AWS Storage Gateway console you can verify the status of the tape you are archiving It might take some time to ﬁnish uploading data to AWS During this time the exported tape is listed in the tape gateway s VTL with the status IN TRANSIT TO VTS When the upload is completed and the archiving process begins the status changes...

Page 129: ...8 x The procedure for using these versions of Backup Exec with a tape gateway is similar For detailed information about how to use NetBackup see the Veritas Services and Operations Readiness Tools SORT on the Veritas website For Veritas support information on hardware compatibility see the NetBackup 7 0 7 6 x Hardware Compatibility List on the Veritas website For more information about compatible ...

Page 130: ... on your computer 6 In the Backup Devices window choose Next 7 In the Drag and Drop Conﬁguration window verify that your medium changer is selected and then choose Next 8 In the dialog box that appears choose Yes to save the conﬁguration on your computer The NetBackup application updates the device conﬁguration 9 When the update is completed choose Next to make the devices available to the NetBack...

Page 131: ...ot list 6 In the Robot Inventory window select Update volume conﬁguration select Preview changes select Empty media access port prior to update and then choose Start The process then inventories your medium changer and virtual tapes in the NetBackup Enterprise Media Management EMM database NetBackup stores media information device conﬁguration and tape status in the EMM 7 In the Robot Inventory wi...

Page 132: ...them available to your backup application you are ready to test your gateway To test your gateway you back up data onto the virtual tapes you created and archive the tapes Backing Up Data to a Tape You test the tape gateway setup by backing up data onto your virtual tapes Note You should back up only a small amount of data for this Getting Started exercise because there are costs associated with s...

Page 133: ...ted is added to the volume pool list The following screenshot shows a list of volume pools To add virtual tapes to a volume pool 1 Expand the Robots node and select the TLD 0 robot to display the virtual tapes this robot is aware of If you have previously connected a robot your tape gateway robot might have a diﬀerent name 2 From the list of virtual tapes open the context right click menu for the ...

Page 134: ...licy speciﬁes what data to back up when to back it up and which volume pool to use 1 Choose your Master Server to return to the Veritas NetBackup console The following screenshot shows the NetBackup console with Create a Policy selected 2 Choose Create a Policy to open the Policy Conﬁguration Wizard window 3 Select File systems databases applications and choose Next 4 For Policy Name type a name f...

Page 135: ...folder or ﬁles you want to back up choose OK and then choose Next 8 In the Backup Types window accept the defaults and then choose Next Note If you want to initiate the backup yourself select User Backup 9 In the Frequency and Retention window select the frequency and retention policy you want to apply to the backup For this exercise you can accept all the defaults and choose Next 10 In the Start ...

Page 136: ... manual backup at any time which we do in the next step To perform a manual backup 1 On the navigation pane of the NetBackup console expand the NetBackup Management node 2 Expand the Policies node 3 Open the context right click menu for your policy and choose Manual Backup 4 In the Manual Backup window select a schedule select a client and then choose OK API Version 2013 06 30 129 ...

Page 137: ...ick menu for the identiﬁer of your backup job in the Job ID column and then choose Details 2 In the Job Details window choose the Detailed Status tab 3 In the Status box locate the media ID For example in the following screenshot the media ID is 87A222 This ID helps you determine which tape you have written data to You have now successfully deployed a tape gateway created virtual tapes and backed ...

Page 138: ...pand the Media node 2 Expand Robots and choose TLD 0 3 Open the context right click menu for the virtual tape you want to archive and choose Eject Volume From Robot 4 In the Eject Volumes window make sure the Media ID matches the virtual tape you want to eject and then choose Eject 5 In the dialog box choose Yes The dialog box is shown following API Version 2013 06 30 131 ...

Page 139: ...ANSIT TO VTS When archiving starts the status is ARCHIVING Once data upload has completed the ejected tape is no longer listed in the VTL but is archived in GLACIER or DEEP_ARCHIVE 8 To verify that the virtual tape is no longer listed in your gateway choose your gateway and then choose VTL Tape Cartridges 9 In the navigation pane of the AWS Storage Gateway console choose Tapes Verify that your arc...

Page 140: ...o determine real world disk sizes see Managing Local Disks for Your AWS Storage Gateway p 220 Also consider cleaning up if you don t plan to continue using your tape gateway Cleaning up lets you avoid incurring charges For information on cleanup see Cleaning Up Resources You Don t Need p 133 Cleaning Up Resources You Don t Need If you created the gateway as an example exercise or a test consider c...

Page 141: ...ere your VPC endpoint was created For ﬁle gateway the Amazon S3 that is conﬁgured for the ﬁle share must be in the same region where you created the VPC endpoint for S3 Creating a Gateway Using a VPC Endpoint In this section you can ﬁnd instructions about how to download deploy and activate your ﬁle gateway using a VPC endpoint Topics Create VPC Endpoint for Storage Gateway p 134 Choose a Gateway ...

Page 142: ...r AWS Storage Gateway section above but you choose com amazonaws us east 2 s3 under Service Name instead Then you select the route table that you want the S3 endpoint associated with instead of subnet security group For instructions see Creating a Gateway Endpoint Choose a Gateway Type To choose a gateway type 1 Open the AWS Management Console at http console www amazonaws cn storagegateway home a...

Page 143: ... disk for your upload buﬀer during the deployment A ﬁle gateway requires only one local disk for a cache For information about local disk requirements see Hardware and Storage Requirements p 11 If you choose VMware do the following Store your disk in Thick provisioned format When you use thick provisioning the disk storage is allocated immediately resulting in better performance In contrast thin p...

Page 144: ...st see Deploying a Volume or Tape Gateway on an Amazon EC2 Host p 349 If you choose the hardware appliance see Activate Your Hardware Appliance p 29 For information about deploying your gateway to an Amazon EC2 host see Deploy Your Gateway to an Amazon EC2 Host p 351 Choose a Service Endpoint You can activate your gateway using a private VPC endpoint If you use a VPC endpoint all communication fro...

Page 145: ... Microsoft Hyper V Access the Gateway Local Console with Microsoft Hyper V p 274 2 Get the IP address from the top of the menu page and make note of it for later use To get the IP address from an EC2 instance 1 Open the Amazon EC2 console at https console amazonaws cn ec2 2 In the navigation pane choose Instances and then choose the EC2 instance 3 Choose the Description tab at the bottom and then ...

Page 146: ...ternal network acl localnet src fc00 7 RFC 4193 local private network range acl localnet src fe80 10 RFC 4291 link local directly plugged machines acl SSL_ports port 443 acl SSL_ports port 1026 acl SSL_ports port 1027 acl SSL_ports port 1028 acl SSL_ports port 1031 acl SSL_ports port 2222 acl CONNECT method CONNECT Recommended minimum Access Permission configuration Deny requests to certain unsafe...

Page 147: ...following required TCP ports by default TCP 443 TCP 1026 TCP 1027 TCP 1028 TCP 1031 TCP 2222 To use the VM local console to conﬁgure the http proxy follow these steps 1 Log in to your gateway s VM local console For information about how to log in see Logging In to the File Gateway Local Console p 229 2 In the main menu choose Conﬁgure HTTP proxy 3 In the Conﬁguration menu choose Conﬁgure HTTP prox...

Page 148: ...t be unique to your account The following screenshot shows the activation page for a ﬁle gateway 2 Choose Activate gateway 3 If activation is not successful see Troubleshooting Your Gateway p 316 for possible solutions To associate your gateway with your AWS account If you don t have internet access and private network access from your browser 1 Enter the fully qualiﬁed DNS name of the PL DNS name...

Page 149: ...u conﬁgure your gateway to use these disks To conﬁgure local disks 1 On the Conﬁgure local disks page identify the disks you added and decide which ones you want to allocate for cached storage For information about disk size limits see Recommended Local Disk Sizes For Your Gateway p 397 2 Choose Cache for the disk you want to conﬁgure as cache storage If you don t see your disks choose Refresh 3 C...

Page 150: ...aws com Required only for File Gateway When Storage Gateway is communicating through the VPC endpoint it communicates with the AWS services through multiple ports on the Storage Gateway VPC endpoint and port 443 on the S3 private endpoint TCP ports on Storage Gateway VPC endpoint 443 1026 1027 1028 1031 and 2222 TCP port on S3 private endpoint 443 You are now ready to create resources for your gat...

Page 151: ...teway p 154 Understanding File Share Status p 154 File Share Best Practices p 155 Adding a File Share After your ﬁle gateway is activated and running you can add additional ﬁle shares and grant access to Amazon S3 buckets Buckets that you can grant access to include buckets in a diﬀerent AWS account than your ﬁle share For information about how to add a ﬁle share see Creating a File Share p 42 Top...

Page 152: ... and attach it to your ﬁle share For more information about how to do this see Creating a File Share p 42 The following example policy allows your ﬁle gateway to perform all the Amazon S3 actions listed in the policy The ﬁrst part of the statement allows all the actions listed to be performed on the S3 bucket named TestBucket The second part allows the listed actions on all objects in TestBucket V...

Page 153: ... For an example of such a trust policy see Granting Access to an Amazon S3 Bucket p 144 3 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 4 Choose Give bucket owner full control in the Object metadata settings in the Conﬁgure ﬁle share setting dialog box When you have created or updated your ﬁle share for cross account access and mounted the ﬁle share on prem...

Page 154: ... on the Network File System NFS ﬁle share is uploaded before deleting the ﬁle share For example you might want to intentionally discard data that was written but has not yet been uploaded In another example the Amazon S3 bucket or objects that back the ﬁle share might have already been deleted meaning that uploading the speciﬁed data is no longer possible In these cases you can forcibly delete the...

Page 155: ...ndantly in multiple Availability Zones that are geographically separated S3 One Zone_IA Store your infrequently accessed object data a single Availability Zone For more information see Storage Classes in the Amazon Simple Storage Service Developer Guide For Object metadata choose the metadata that you want to use Choose Guess MIME type to enable guessing of the MIME type for uploaded objects based...

Page 156: ...permissions are stored in object metadata When your ﬁle gateway discovers objects that weren t stored by the ﬁle gateway these objects are assigned default Unix ﬁle permissions You can ﬁnd the default Unix permissions in the following table Metadata Description Directory permissions The Unix directory mode in the form nnnn For example 0666 represents the access mode for all directories inside the ...

Page 157: ...ctions choose Edit share access settings 4 In the Edit allowed clients dialog box choose Add entry provide the IP address or CIDR notation for the client that you want to allow and then choose Save Editing Access Settings for Your SMB File Share You can set the security level for your gateway set access for AD user and give guests access to your ﬁle share Topics Setting a Security Level for Your G...

Page 158: ... clients that have signing enabled Client negotiated if you choose this option requests are established based on what is negotiated by the client This option is recommended when you want to maximize compatibility across diﬀerent clients in your environment Note For gateways activated before June 20 2019 the default security level is Client negotiated For gateways activated on June 20 2019 and late...

Page 159: ...s section choose Join domain Note If your gateway can t join an Active Directory directory try joining with the directory s IP address by using the JoinDomain API operation 5 For Domain name provide the domain that you want the gateway to join You can join a domain by using its IP address or its organizational unit An organizational unit is an Active Directory subdivision that can hold users group...

Page 160: ...ou can also use a ﬁle gateway that is a member of an AD domain to create ﬁle shares with guest access Before you create a ﬁle share using guest access you need to change the default password To change the guest access password 1 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 2 Choose the gateway that you want to use to join the domain 3 For Actions choose Ed...

Page 161: ...riginal locked version of the object remains unchanged For more information about Amazon S3 Object Lock see Introduction to Amazon S3 Object Lock in the Amazon Simple Storage Service Developer Guide Understanding File Share Status Each ﬁle share has an associated status that tells you at a glance what the health of the ﬁle share is Most of the time the status indicates that the ﬁle share is functi...

Page 162: ... S3 bucket to be written to by multiple ﬁle shares unpredictable results can occur To prevent this create an S3 bucket policy that denies all roles except the role used for the ﬁle share to put or delete objects in the bucket Then attach this policy to the S3 bucket The following example policy denies all roles except the role that created the bucket to write to the S3 bucket The s3 DeleteObject a...

Page 163: ...s in high bandwidth usage Instead of doing a full disk scan you can use real time virus scanning that is scanning data as it is read from or written to the cached volume Resizing a volume is not supported To change the size of a volume create a snapshot of the volume and then create a new cached volume from the snapshot The new volume can be bigger than the volume from which the snapshot was creat...

Page 164: ...y point is a point in time at which all data of the volume is consistent To clone a volume you choose the Clone from last recovery point option in the Create volume dialog box then select the volume to use as the source The following screenshot shows the Create volume dialog box Cloning from an existing volume is faster and more cost eﬀective than creating an Amazon EBS snapshot Cloning does a byt...

Page 165: ...name for iSCSI target name The target name can contain lowercase letters numbers periods and hyphens This target name appears as the iSCSI target node name in the Targets tab of the iSCSI Microsoft initiator UI after discovery For example the name target1 appears as iqn 1007 05 com amazon target1 Ensure that the target name is globally unique within your storage area network SAN 7 Verify that the ...

Page 166: ... unreachable gateway and then choose the Details tab A recovery snapshot message is displayed in the tab 4 Choose Create recovery snapshot to open the Create recovery snapshot dialog box 5 From the list of volumes displayed choose the volume you want to recover and then choose Create snapshots AWS Storage Gateway initiates the snapshot process 6 Find and restore the snapshot Viewing Volume Usage W...

Page 167: ...volumes see Delete Volume The following procedure demonstrates using the console Before you delete a volume back up your data or take a snapshot of your critical data For stored volumes your local disks aren t erased After you delete a volume you can t get it back To remove a volume 1 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 2 On the Volumes tab choose...

Page 168: ... until the volume detach operation is complete before you delete the gateway If a stored gateway is in restoring state you can t detach a volume from it The following steps show you how to detach and attach a volume using the Storage Gateway console For more information about doing this using the API see DetachVolume or AttachVolume in the AWS Storage Gateway API Reference To detach a volume from ...

Page 169: ... that overwrites the data on your volume with random data your usage will not be reduced This is because the random data is not compressible Creating a One Time Snapshot In addition to scheduled snapshots for volume gateways you can take one time ad hoc snapshots By doing this you can back up your storage volume immediately without waiting for the next scheduled snapshot To take a one time snapsho...

Page 170: ...napshot in the Amazon EC2 User Guide To delete multiple snapshots at a time you can use one of the AWS SDKs that supports AWS Storage Gateway operations For examples see Deleting Snapshots by Using the AWS SDK for Java p 163 Deleting Snapshots by Using the AWS SDK for NET p 166 and Deleting Snapshots by Using the AWS Tools for Windows PowerShell p 170 Deleting Snapshots by Using the AWS SDK for Ja...

Page 171: ...lumeInfo public class ListDeleteVolumeSnapshotsExample public static AWSStorageGatewayClient sgClient public static AmazonEC2Client ec2Client static String serviceURLSG https storagegateway us east 1 amazonaws com static String serviceURLEC2 https ec2 us east 1 amazonaws com The gatewayARN public static String gatewayARN provide gateway ARN The number of days back you want to save snapshots Snapsh...

Page 172: ...shotsRequest describeSnapshotsRequest new DescribeSnapshotsRequest withFilters filters DescribeSnapshotsResult describeSnapshotsResult ec2Client describeSnapshots describeSnapshotsRequest List Snapshot snapshots describeSnapshotsResult getSnapshots System out println volume id volumeId for Snapshot s snapshots StringBuilder sb new StringBuilder boolean meetsCriteria CompareDates daysBack s getStar...

Page 173: ... retention period The example uses the AWS SDK for NET API for AWS Storage Gateway and Amazon EC2 The Amazon EC2 API includes operations for working with snapshots The following code example uses the AWS SDK for NET version 2 and 3 You can migrate older versions of NET to the newer version For more information see Migrating Your Code to the Latest Version of the AWS SDK for NET Update the code to ...

Page 174: ...tatic String AwsAccessKey AKIA IAM SecretKey static String AwsSecretKey AWS Account number 12 digits no hyphen static String OwnerID 123456789012 Your Gateway ARN Use a Storage Gateway ID sgw XXXXXXXX static String GatewayARN arn aws storagegateway ap southeast 2 123456789012 gateway sgw XXXXXXXX Snapshot status completed pending error static String SnapshotStatus completed AWS Region where your g...

Page 175: ...A list of VolumeInfos or null private static List VolumeInfo ListVolumesForGateway ListVolumesResponse response new ListVolumesResponse try ListVolumesRequest request new ListVolumesRequest request GatewayARN GatewayARN response sgClient ListVolumes request foreach VolumeInfo vi in response VolumeInfos Console WriteLine OutputVolumeInfo vi catch AmazonStorageGatewayException ex Console WriteLine e...

Page 176: ...scribeSnapshotsResponse describeSnapshotsResponse ec2Client DescribeSnapshots describeSnapshotsRequest List Snapshot snapshots describeSnapshotsResponse Snapshots Console WriteLine volume id volumeID foreach Snapshot s in snapshots if IsSnapshotPastRetentionPeriod snapshotAge s StartTime Console WriteLine s SnapshotId s VolumeId s StartTime s Description SelectedSnapshots Add s catch AmazonEC2Exce...

Page 177: ... AWS Tools for Windows PowerShell If you need to delete just a few snapshots use the console as described in Deleting a Snapshot p 163 Example Deleting Snapshots by Using the AWS Tools for Windows PowerShell The following PowerShell script example lists the snapshots for each volume of a gateway and whether the snapshot start time is before or after a speciﬁed date It uses the AWS Tools for Window...

Page 178: ...olume in volumesResult volumeARN volume VolumeARN volumeId volumeARN split 3 ToLower filter New Object Amazon EC2 Model Filter filter Name volume id filter Value Add volumeId snapshots get EC2Snapshot Filter filter Write Output nFor volume id volumeId foreach s in snapshots d DateTime Now AddDays daysBack meetsCriteria false if DateTime Compare d s StartTime gt 0 meetsCriteria true sb s SnapshotId...

Page 179: ... Available state That is the gateway has synchronized any changes made to the volume since it ﬁrst entered Pass Through status Bootstrapping The gateway is synchronizing data locally with a copy of the data stored in AWS You typically don t need to take action for this status because the storage volume automatically sees the Available status in most cases The following are scenarios when a volume ...

Page 180: ...TIVE status a volume in Pass Through must complete the Bootstrapping phase During Bootstrapping the volume re establishes synchronization with in AWS so that it can resume the record log of changes to the volume and re enable CreateSnapshot functionality During Bootstrapping writes to the volume are recorded in upload buﬀer The Pass Through status occurs when there is more than one storage volume ...

Page 181: ...ity has been exceeded see Troubleshooting Volume Issues p 331 Infrequently the Restoring Pass Through status can indicate that a disk allocated for an upload buﬀer has failed For information about what action to take in this scenario see Troubleshooting Volume Issues p 331 Upload Buﬀer Not Conﬁgured You can t create or use the volume because the gateway doesn t have an upload buﬀer conﬁgured For i...

Page 182: ...is status appears because the upload buﬀer space is ﬁlled then in some cases buﬀer space becomes available again At that point the storage volume self corrects to the Available status In other cases you might have to add more upload buﬀer space to your gateway to allow the storage volume status to become Available For information on how to troubleshoot a case when upload buﬀer capacity has been ex...

Page 183: ... if you are interested in understanding more about how volume gateways work The diagram doesn t show the Upload Buﬀer Not Conﬁgured status or the Deleting status Volume states in the diagram appear as green yellow and red boxes You can interpret the colors as described following Color Volume Status Green The gateway is operating normally The volume status is Available or eventually becomes Availab...

Page 184: ...ume to the Available status For information on how to troubleshoot a case when upload buﬀer capacity has been exceeded see Troubleshooting Volume Issues p 331 For information on how to add upload buﬀer capacity see Determining the Size of Upload Buﬀer to Allocate p 221 Red The storage volume has the Irrecoverable status In this case you should delete the volume For information on how to do this se...

Page 185: ...teway resources Topics Adding Virtual Tapes p 178 Archiving Virtual Tapes p 180 Moving Your Tape from Glacier to Deep Archive Storage Class p 180 Retrieving Archived Tapes p 181 Viewing Tape Usage p 181 Deleting Tapes p 182 Disabling Your Tape Gateway p 182 Understanding Tape Status p 183 Adding Virtual Tapes You can add tapes in your tape gateway when you need them For information about how to cr...

Page 186: ...pes Note Virtual tapes are uniquely identiﬁed by a barcode You can add a preﬁx to the barcode The preﬁx is optional but you can use it to help identify your virtual tapes The preﬁx must be uppercase letters A Z and must be one to four characters long 8 The pool you selected in step 2 is shown in the Pool list This pool represents the storage class in which your tape will be stored when it is eject...

Page 187: ...hived in the pool that you chose when you created the tape The process for ejecting a tape varies depending on your backup software For information about supported backup software see Using Your Backup Software to Test Your Gateway Setup p 86 Moving Your Tape from Glacier to Deep Archive Storage Class Move your tapes from GLACIER to DEEP_ARCHIVE for long term data retention and digital preservatio...

Page 188: ...ctions Note The status of the virtual tape that you want to retrieve must be ARCHIVED 4 In the Retrieve tape dialog box for Barcode verify that the barcode identiﬁes the virtual tape you want to retrieve 5 For Gateway choose the gateway that you want to retrieve the archived tape to and then choose Retrieve tape The status of the tape changes from ARCHIVED to RETRIEVING At this point your data is ...

Page 189: ...al tape Warning This procedure permanently deletes the selected virtual tape 1 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 2 In the navigation pane choose Tapes 3 Choose the virtual tape that you want to delete 4 On the Actions menu choose Delete tape A conﬁrmation box appears as shown following 5 Make sure that the tape listed is the tape you intend to d...

Page 190: ...uire action on your part You can ﬁnd information following to help you decide when you need to act Topics Understanding Tape Status Information in a VTL p 183 Determining Tape Status in an Archive p 184 Understanding Tape Status Information in a VTL A tape s status must be AVAILABLE for you to read or write to the tape The following table lists and describes possible status values Status Descripti...

Page 191: ... This status indicates an error in your tape gateway Amazon S3 Determining Tape Status in an Archive You can use the following procedure to determine the status of a virtual tape in an archive To determine the status of a virtual tape 1 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 2 In the navigation pane choose Tapes 3 In the Status column of the tape lib...

Page 192: ...nformation and get a better perspective on how your gateway and volumes are performing For detailed information about CloudWatch see the Amazon CloudWatch User Guide Understanding Gateway Metrics For the discussion in this topic we deﬁne gateway metrics as metrics that are scoped to the gateway that is they measure something about the gateway Because a gateway contains one or more volumes a gatewa...

Page 193: ...ing period Units Percent yes no yes CachePercentUsed Percent use of the gateway s cache storage This metric applies only to the gateway cached volume setup The sample is taken at the end of the reporting period Units Percent yes no yes CachePercentDirty Percent of the gateway s cache that has not been persisted to AWS This metric applies only to the gateway cached volume setup The sample is taken ...

Page 194: ...he reporting period Use this metric with the Sum statistic to measure throughput and with the Samples statistic to measure IOPS Units Bytes yes yes yes UploadBufferFree The total amount of unused space in the gateway s upload buﬀer The sample is taken at the end of the reporting period Units Bytes yes no yes CacheFree The total amount of unused space in the gateway s cache storage The sample is ta...

Page 195: ... is taken at the end of the reporting period Units Bytes yes no yes QueuedWrites The number of bytes waiting to be written to AWS sampled at the end of the reporting period for all volumes in the gateway These bytes are kept in your gateway s working storage Units Bytes yes yes yes ReadBytes The total number of bytes read from your on premises applications in the reporting period for all volumes i...

Page 196: ...measure latency Units Milliseconds yes yes yes TotalCacheSize The total size of the cache in bytes This metric applies only to the gateway cached volume setup The sample is taken at the end of the reporting period Units Bytes yes no yes WriteBytes The total number of bytes written to your on premises applications in the reporting period for all volumes in the gateway Use this metric with the Sum s...

Page 197: ...milliseconds spent to do write operations from your on premises applications in the reporting period for all volumes in the gateway Use this metric with the Average statistic to measure latency Units Milliseconds yes yes yes TimeSinceLastRecoveryPoint The time since the last available recovery point Units Seconds yes yes no API Version 2013 06 30 190 ...

Page 198: ...e sample is taken at the end of the reporting period Note Working storage applies only to the gateway stored volume setup The upload buﬀer applies to both the gateway stored and gateway cached volume setups If you are working with both types of gateway setups you might ﬁnd it more convenient to use just the corresponding upload buﬀer metric UploadBufferFree Units Bytes no yes no API Version 2013 0...

Page 199: ...aken at the end of the reporting period Note Working storage applies only to the gateway stored volume setup The upload buﬀer applies to both the gateway stored and gateway cached volume setups If you are working with both types of gateway setups you might ﬁnd it more convenient to use just the corresponding upload buﬀer metric UploadBufferPercentUsed Units Percent no yes no API Version 2013 06 30...

Page 200: ...eway cached volume setups If you are working with both types of gateway setups you might ﬁnd it more convenient to use just the corresponding upload buﬀer metric UploadBufferUsed Units Bytes no yes no The following table describes the AWS Storage Gateway metrics that you can use to get information about your storage volumes Specify the VolumeId dimension for each metric to view the data for a stor...

Page 201: ... only to cached volumes The sample is taken at the end of the reporting period Use the CachePercentUsed metric of the gateway to view overall percent use of the gateway s cache storage Units Percent yes no CachePercentDirty The volume s contribution to the overall percentage of the gateway s cache that has not been persisted to AWS This metric applies only to volumes in a gateway cached setup The ...

Page 202: ...ric with the Average statistic to measure latency Units Milliseconds yes yes WriteBytes The total number of bytes written to your on premises applications in the reporting period Use this metric with the Sum statistic to measure throughput and with the Samples statistic to measure IOPS Units Bytes yes yes WriteTime The total number of milliseconds spent to do write operations from your on premises...

Page 203: ... gateway s upload buﬀer and how to create an alarm so that you get a notiﬁcation when the buﬀer exceeds a speciﬁed threshold By using this approach you can proactively add buﬀer storage to a gateway before it ﬁlls completely and your storage application stops backing up to AWS You monitor the upload buﬀer in the same way in both the cached volume and tape gateway architectures For more information...

Page 204: ...he alarm name description and threshold a On the Deﬁne Alarm page of the Create Alarm Wizard identify your alarm by giving it a name and description in the Name and Description boxes b Deﬁne the alarm threshold c Choose Continue 5 Conﬁgure an email action for the alarm a In the Conﬁgure Actions page of the Create Alarm Wizard choose Alarm for Alarm State b Choose Choose or create email topic for T...

Page 205: ...of time The TotalCacheSize metric changes only when you add cache to the gateway Percentage of read requests that are served from the cache Use the CacheHitPercent metric with the Average statistic Typically you want CacheHitPercent to remain high Percentage of cache that is dirty that is it contains content that has not been uploaded to AWS Use the CachePercentDirty metrics with the Average stati...

Page 206: ...nous uploading of your ﬁles to your ﬁle share You can use the NotifyWhenUploaded API to request a ﬁle upload notiﬁcation You can get notiﬁed when the gateway ﬁnishes refreshing the cache for your S3 bucket When you invoke the RefreshCache operation through the Storage Gateway console or Storage Gateway API you can subscribe to the notiﬁcation when the operation completes When the ﬁle operation you...

Page 207: ...ses you could have two ﬁle gateways that mapped to the same Amazon S3 bucket The ﬁle share client for Gateway1 could upload new ﬁles to S3 and the ﬁles are read by ﬁle share clients on Gateway 2 The ﬁles will upload to S3 but they will not be visible to Gateway2 because it uses a locally cached version of ﬁles in S3 To make the ﬁles visible in gateway2 you can use the NotifyWhenUploaded API to req...

Page 208: ...triggered the notiﬁcation notiﬁcation id The randomly generated ID of the notiﬁcation that was sent This ID is in UUID format This is the notiﬁcation ID that is returned when NotfyWhenUploaded is called request received When the gateway received the NotfyWhenUploaded request completed When all the ﬁles in the working set were uploaded to Amazon S3 Getting Refresh Cache Notiﬁcation For refresh cach...

Page 209: ...f5e47 started 2018 02 06T21 34 42Z completed 2018 02 06T21 34 53Z folderList Field names Description version The current version of the IAM policy id The ID that identiﬁes the IAM policy time When the request to refresh the ﬁles in working set was made detail type A description of the type of the event that triggered notiﬁcation that was sent source The AWS service that is the source of the reques...

Page 210: ...n about your ﬁle shares Metric Description CacheHitPercent Percent of application read operations from the ﬁle shares that are served from cache The sample is taken at the end of the reporting period When there are no application read operations from the ﬁle share this metric reports 100 percent Units Percent CachePercentDirty The ﬁle share s contribution to the overall percentage of the gateway s...

Page 211: ...atistic to measure IOPS Units Bytes Monitoring Your Volume Gateway In this section you can ﬁnd information about how to monitor a gateway in a cached volumes or stored volumes setup including monitoring the volumes associated with the gateway and monitoring the upload buﬀer You use the AWS Management Console to view metrics for your gateway For example you can view the number of bytes used in read...

Page 212: ...trics and Volume Metrics views to easily select gateway speciﬁc and volume speciﬁc dimensions For more information about dimensions see Dimensions in the Amazon CloudWatch User Guide The metric name such as ReadBytes The following table summarizes the types of Storage Gateway metric data that you can use CloudWatch Namespace Dimension Description GatewayId GatewayName These dimensions ﬁlter for me...

Page 213: ...r operation over the sample period of time IOPS Use the ReadBytes and WriteBytes metrics with the Samples CloudWatch statistic For example the Samples value of the ReadBytes metric over a sample period of 5 minutes divided by 300 seconds gives you IOPS For the average latency graphs and average size graphs the average is calculated over the total number of operations read or write whichever is app...

Page 214: ...a storage volume with the Samples statistic In the image the cursor over a data point displays information about the data point including its value and the number of samples Divide the samples value by the Period value 5 minutes to get the operations per second at that sample point For the point highlighted the number of write operations is 24 373 bytes divided by 300 seconds which is 81 write ope...

Page 215: ...second Latency of data to AWS Use the CloudDownloadLatency metric with the Average statistic For example the Average statistic of the CloudDownloadLatency metric gives you the latency per operation To measure the upload data throughput from a gateway to AWS 1 Open the CloudWatch console at https console amazonaws cn cloudwatch 2 Choose Metrics then choose the All metrics tab and then choose Storag...

Page 216: ...dered set of data points contains the latency in milliseconds To set an upper threshold alarm for a gateway s throughput to AWS 1 Open the CloudWatch console at https console amazonaws cn cloudwatch 2 Choose Alarms 3 Choose Create Alarm to start the Create Alarm Wizard 4 Choose the Storage Gateway dimension and ﬁnd the gateway that you want to work with 5 Choose the CloudBytesUploaded metric 6 To ...

Page 217: ... VolumeId that identiﬁes the storage volume for which you are interested in viewing metrics For more information see Using Amazon CloudWatch Metrics p 205 The following table describes the Storage Gateway metrics that you can use to get information about your storage volumes Metric Description Cached volumes Stored volumes CacheHitPercent Percent of application read operations from the volume that...

Page 218: ...se of the gateway s cache storage For more information see Understanding Gateway Metrics p 185 Units Percent yes no ReadBytes The total number of bytes read from your on premises applications in the reporting period Use this metric with the Sum statistic to measure throughput and with the Samples statistic to measure IOPS Units Bytes yes yes ReadTime The total number of milliseconds spent to do re...

Page 219: ...ng Your Tape Gateway In this section you can ﬁnd information about how to monitor your tape gateway virtual tapes associated with your tape gateway cache storage and the upload buﬀer You use the AWS Management Console to view metrics for your tape gateway With metrics you can track the health of your tape gateway and set up alarms to notify you when one or more metrics are outside a deﬁned thresho...

Page 220: ...at are available to you Amazon CloudWatch Namespace Dimension Description AWS StorageGateway GatewayId GatewayName These dimensions ﬁlter for metric data that describes aspects of the tape gateway You can identify a tape gateway to work with by specifying both the GatewayId and the GatewayName dimensions Throughput and latency data of a tape gateway is based on all the virtual tapes in the tape ga...

Page 221: ...he Average statistic For example the Average statistic of the CloudDownloadLatency metric gives you the latency per operation To measure the upload data throughput from a tape gateway to AWS 1 Open the CloudWatch console at https console amazonaws cn cloudwatch 2 Choose the Metrics tab 3 Choose the StorageGateway Gateway Metrics dimension and ﬁnd the tape gateway that you want to work with 4 Choos...

Page 222: ...iﬁed time For example you can deﬁne an alarm state when the CloudBytesUploaded metric is greater than 10 megabytes for 60 minutes 6 Conﬁgure the actions to take for the alarm state For example you can have an email notiﬁcation sent to you 7 Choose Create Alarm To set an upper threshold alarm for reading data from AWS 1 Open the CloudWatch console at https console amazonaws cn cloudwatch 2 Choose C...

Page 223: ...e Amazon S3 bucket that you specify Additionally you can conﬁgure other AWS services to further analyze and act upon the event data collected in CloudTrail logs For more information see the following Overview for Creating a Trail CloudTrail Supported Services and Integrations Conﬁguring Amazon SNS Notiﬁcations for CloudTrail Receiving CloudTrail Log Files from Multiple Regions and Receiving CloudT...

Page 224: ...s storagegateway us east 2 111122223333 gateway cloudtrailgatewayvtl requestID 54BTFGNQI71987UJD2IHTCT8NF1Q8GLLE1QEU3KPGG6F0KSTAUU0 eventID 635f2ea2 7e42 45f0 bed1 8b17d7b74265 eventType AwsApiCall apiVersion 20130630 recipientAccountId 444455556666 The following example shows a CloudTrail log entry that demonstrates the ListGateways action Records eventVersion 1 02 userIdentity type IAMUser princ...

Page 225: ...e Gateway User Guide Understanding Storage Gateway Log File Entries eventID f76e5919 9362 48ff a7c4 d203a189ec8d eventType AwsApiCall apiVersion 20130630 recipientAccountId 444455556666 API Version 2013 06 30 218 ...

Page 226: ...rting and stopping your gateway using the AWS Storage Gateway Management Console you can also and stop your gateway by using your VM local console or AWS Storage Gateway API When you power on your VM remember to restart your gateway Gateway VM local console see Logging in to the Local Console Using Default Credentials p 252 AWS Storage Gateway API see ShutdownGateway Note If you stop your gateway ...

Page 227: ...Local Disk Storage p 220 Determining the Size of Upload Buﬀer to Allocate p 221 Determining the Size of Cache Storage to Allocate p 222 Adding an Upload Buﬀer or Cache Storage p 223 Using Ephemeral Storage With EC2 Gateways p 223 Deciding the Amount of Local Disk Storage The number and size of disks that you want to allocate for your gateway is up to you Depending on the storage solution you deplo...

Page 228: ...performance in some situations when it is used to back both the cache storage and upload buﬀer This is also true if the backup is a less performant RAID conﬁguration such as RAID1 After the initial conﬁguration and deployment of your gateway you can adjust the local storage by adding or removing disks for an upload buﬀer You can also add disks for cache storage Determining the Size of Upload Buﬀer...

Page 229: ...han 150 GiB For example assume that your business applications write text data to your gateway at a rate of 40 MB per second for 12 hours per day and your network throughput is 12 MB per second Assuming a compression factor of 2 1 for the text data you would allocate approximately 690 GiB of space for the upload buﬀer Example 40 MB sec 12 MB sec 2 12 hours 3600 seconds hour 691200 megabytes You ca...

Page 230: ... In the Edit local disks dialog box identify the disks you provisioned and decide which one you want to use for an upload buﬀer or cached storage Note For stored volumes only the upload buﬀer is displayed because stored volumes have no cache disks 6 In the drop down list box in the Allocated to column choose Upload Buﬀer for the disk to use as an upload buﬀer 7 For gateways created with cached vol...

Page 231: ... your gateway Using bandwidth throttling helps you to control the amount of network bandwidth used by your gateway By default an activated gateway has no rate limits on upload or download You can specify the rate limit by using the AWS Management Console or programmatically by using either the AWS Storage Gateway API see UpdateBandwidthRateLimit or an AWS Software Development Kit SDK By throttling...

Page 232: ...dpoints in the AWS General Reference import java io IOException import com amazonaws AmazonClientException import com amazonaws auth PropertiesCredentials import com amazonaws services storagegateway AWSStorageGatewayClient import com amazonaws services storagegateway model UpdateBandwidthRateLimitRequest import com amazonaws services storagegateway model UpdateBandwidthRateLimitResult public clas...

Page 233: ...imits by using the AWS Software Development Kit SDK for NET To use the example code you should be familiar with running a NET console application For more information see Getting Started in the AWS SDK for NET Developer Guide Example Updating Gateway Bandwidth Limits by Using the AWS SDK for NET The following C code example updates a gateway s bandwidth rate limits You need to update the code and ...

Page 234: ...th rate limits of returnGatewayARN Console WriteLine Upload bandwidth limit uploadRate bits per second Console WriteLine Download bandwidth limit downloadRate bits per second catch AmazonStorageGatewayException ex Console WriteLine Error updating gateway bandwith n ex ToString Updating Gateway Bandwidth Rate Limits Using the AWS Tools for Windows PowerShell By updating bandwidth rate limits progra...

Page 235: ...e Gateway checks for updates every week or every month it only goes through maintenance and restart if there are updates Before any update is applied to your gateway AWS notiﬁes you with a message on the Storage Gateway console and your AWS Personal Health Dashboard For more information see AWS Personal Health Dashboard The VM doesn t reboot but the gateway is unavailable for a short period while ...

Page 236: ...ocal Console Volume and Tape Gateways p 267 Accessing the Gateway Local Console p 273 Conﬁguring Network Adapters for Your Gateway p 275 Performing Tasks on the VM Local Console File Gateway For a ﬁle gateway deployed on premises you can perform the following maintenance tasks using the VM host s local console These tasks are common to VMware and Microsoft Hyper V hypervisors Topics Logging In to ...

Page 237: ...the ﬁrst time you log in to the VM with the default credentials For all types of gateways you use default credentials For volume and tape gateways the user name is sguser and the password is sgpassword For ﬁle gateways the user name is admin and the password is password We recommend that you always set a new password immediately after you create your new gateway You can set this password from the ...

Page 238: ...r your gateway see Network and Firewall Requirements p 12 To conﬁgure an HTTP proxy for a ﬁle gateway 1 Log in to your gateway s local console For more information on logging in to the VMware ESXi local console see Accessing the Gateway Local Console with VMware ESXi p 273 For more information on logging in to the Microsoft Hyper V local console see Access the Gateway Local Console with Microsoft ...

Page 239: ... Gateway Network Settings The default network conﬁguration for the gateway is Dynamic Host Conﬁguration Protocol DHCP With DHCP your gateway is automatically assigned an IP address In some cases you might need to manually assign your gateway s IP as a static IP address as described following To conﬁgure your gateway to use static IP addresses 1 Log in to your gateway s local console For more infor...

Page 240: ...pter names appears and you are prompted to enter an adapter name for example eth0 If the adapter you specify is in use the following information about the adapter is displayed Media access control MAC address IP address Netmask Gateway IP address DHCP enabled status You use the same adapter name when you conﬁgure a static IP address option 3 as when you set your gateway s default route adapter opt...

Page 241: ...n activated you must shut it down and restart it from the Storage Gateway console for the settings to take eﬀect For more information see Shutting Down Your Gateway VM p 219 If your gateway uses more than one network interface you must set all enabled interfaces to use DHCP or static IP addresses For example suppose that your gateway VM uses two interfaces conﬁgured as DHCP If you later set one in...

Page 242: ...ay s DNS conﬁguration Enter 7 The available adapters of the primary and secondary DNS servers are displayed Note For some versions of the VMware hypervisor you can edit the adapter conﬁguration in this menu View routing tables Enter 8 The default route of your gateway is displayed Testing Your Gateway Connection to the Internet You can use your gateway s local console to test your internet connect...

Page 243: ...ys either a PASSED or FAILED message as shown following If you selected VPC PrivateLink each VPC endpoint DNS IP in the AWS Region displays either a PASSED or FAILED message as shown following 5 Message Description PASSED AWS Storage Gateway has internet connectivity FAILED AWS Storage Gateway doesn t have internet connectivity For information about network and ﬁrewall requirements see Network and...

Page 244: ...le displays an OK WARNING or FAIL message for each resource as described in the table following Message Description OK The resource has passed the system resource check WARNING The resource doesn t meet the recommended requirements but your gateway can continue to function AWS Storage Gateway displays a message that describes the results of the resource check FAIL The resource doesn t meet the min...

Page 245: ...console see Accessing the Gateway Local Console with VMware ESXi p 273 For more information on logging in to the Microsoft Hyper V local console see Access the Gateway Local Console with Microsoft Hyper V p 274 2 In the AWS Appliance Activation Conﬁguration main menu enter 5 to manage your system s time 3 In the System Time Management menu choose one of the following options To Do This View and sy...

Page 246: ...lly check your VM s time For more information see Synchronizing Your Gateway VM Time p 348 Edit your NTP server conﬁguration Enter 2 You are prompted to provide a preferred and a secondary NTP server View your NTP server conﬁguration Enter 3 Your NTP server conﬁguration is displayed Running Storage Gateway Commands on the Local Console The VM local console in Storage Gateway helps provide a secure...

Page 247: ...To learn about a command enter the command name at the command prompt Conﬁguring Network Adapters for Your Gateway By default AWS Storage Gateway is conﬁgured to use the E1000 network adapter type but you can reconﬁgure your gateway to use the VMXNET3 10 GbE network adapter You can also conﬁgure Storage Gateway so it can be accessed by more than one IP address You do this by conﬁguring your gatewa...

Page 248: ...adapter and conﬁgure your gateway to use the VMXNET3 adapter 1 In VMware open the context right click menu for your gateway and choose Edit Settings 2 In the Virtual Machine Properties window choose the Hardware tab 3 For Hardware choose Network adapter Notice that the current adapter is E1000 in the Adapter Enter section You replace this adapter with the VMXNET3 adapter 4 Choose the E1000 network...

Page 249: ...t login credentials to log in to the gateway s local console for this conﬁguration task For information about how to log in using the default credentials see Logging In to the File Gateway Local Console p 229 2 At the prompt enter 2 to select Network Conﬁguration and then press Enter to open the network conﬁguration menu 3 At the prompt enter 4 to select Reset all to DHCP and then enter y for yes ...

Page 250: ...might require that you keep your iSCSI targets and the initiators that connect to them in an isolated network This network is diﬀerent from the network by which the gateway communicates with AWS In a typical multiple adapter use case one adapter is conﬁgured as the route by which the gateway communicates with AWS that is as the default gateway Except for this one adapter initiators must be in the ...

Page 251: ...248 Viewing Your Gateway System Resource Status p 249 Running Storage Gateway Commands on the Local Console p 250 Logging In to Your Amazon EC2 Gateway Local Console You can connect to your Amazon EC2 instance by using a Secure Shell SSH client For detailed information see Connect to Your Instance in the Amazon EC2 User Guide To connect this way you need the SSH key pair that you speciﬁed when you...

Page 252: ...ssion enter x to exit the menu Routing Your Gateway Deployed on EC2 Through an HTTP Proxy AWS Storage Gateway supports the conﬁguration of a Socket Secure version 5 SOCKS5 proxy between your gateway deployed on Amazon EC2 and AWS If your gateway must use a proxy server to communicate to the internet then you need to conﬁgure the HTTP proxy settings for your gateway You do this by specifying an IP ...

Page 253: ...menu To Do This Conﬁgure an HTTP proxy Enter 1 You need to supply a host name and port to complete conﬁguration View the current HTTP proxy conﬁguration Enter 2 If an HTTP proxy is not conﬁgured the message HTTP Proxy not configured is displayed If an HTTP proxy is conﬁgured the host name and port of the proxy are displayed Remove an HTTP proxy conﬁguration Enter 3 API Version 2013 06 30 246 ...

Page 254: ...Domain Name Server DNS settings through the local console To conﬁgure your gateway to use static IP addresses 1 Log in to your gateway s local console For instructions see Logging In to Your Amazon EC2 Gateway Local Console p 244 2 On the AWS Appliance Activation Conﬁguration main menu enter 2 to begin conﬁguring your DNS server 3 On the Network Conﬁguration menu choose one of the following option...

Page 255: ... Testing Your Gateway Connectivity to the Internet You can use your gateway s local console to test your internet connection This test can be useful when you are troubleshooting network issues with your gateway To test your gateway s connection to the internet 1 Log in to your gateway s local console For instructions see Logging In to Your Amazon EC2 Gateway Local Console p 244 2 In the AWS Storag...

Page 256: ...D AWS Storage Gateway has internet connectivity FAILED AWS Storage Gateway does not have internet connectivity Viewing Your Gateway System Resource Status When your gateway starts it checks its virtual CPU cores root volume size and RAM It then determines whether these system resources are suﬃcient for your gateway to function properly You can view the results of this check on the gateway s local ...

Page 257: ...lts of the resource check FAIL The resource doesn t meet the minimum requirements Your gateway might not function properly AWS Storage Gateway displays a message that describes the results of the resource check The console also displays the number of errors and warnings next to the resource check menu option Running Storage Gateway Commands on the Local Console The AWS Storage Gateway console help...

Page 258: ... Activation Conﬁguration main menu enter 5 for Gateway Console 3 In the command prompt enter h and then press the Return key The console displays the AVAILABLE COMMANDS menu with the available commands After the menu a gateway console prompt appears as shown in the following screenshot 4 At the command prompt enter the command that you want to use and follow the instructions To learn about a comma...

Page 259: ...or you to log in the login screen is displayed If this is your ﬁrst time logging in to the local console you use the default user name and password to log in These default login credentials give you access to menus where you can conﬁgure gateway network settings and change the password from the local console Storage Gateway enables you to set your own password from the AWS Storage Gateway console ...

Page 260: ...mmands Running Storage Gateway Commands on the Local Console p 261 View system resource check Viewing Your Gateway System Resource Status p 263 To shut down the gateway type 0 To exit the conﬁguration session type x to exit the menu Setting the Local Console Password from the Storage Gateway Console When you log in to the local console for the ﬁrst time you log in to the VM with the default creden...

Page 261: ... If your gateway must use a proxy server to communicate to the Internet then you need to conﬁgure the SOCKS or HTTP proxy settings for your gateway You do this by specifying an IP address and port number for the host running your proxy After you do so AWS Storage Gateway routes all HTTP traﬃc through your proxy server For information about network requirements for your gateway see Network and Fire...

Page 262: ...ssage SOCKS Proxy Configuration Removed is displayed The following procedure shows you how to conﬁgure an HTTP proxy for a ﬁle gateway For instructions on how to conﬁgure SOCKS proxy for a volume gateway or tape gateway see To conﬁgure a SOCKS5 proxy for volume and tape gateways p 254 To conﬁgure an HTTP proxy for a ﬁle gateway 1 Log in to your gateway s local console VMware ESXi for more informat...

Page 263: ...o supply a host name and port to complete conﬁguration View the current HTTP proxy conﬁguration Type option 2 If a HTTP proxy is not conﬁgured the message HTTP Proxy not configured is displayed If a HTTP proxy is conﬁgured the host name and port of the proxy are displayed Remove a HTTP proxy conﬁguration Type option 3 The message HTTP Proxy Configuration Removed is displayed 4 Restart your VM to a...

Page 264: ...for more information see Accessing the Gateway Local Console with VMware ESXi p 273 Microsoft Hyper V for more information see Access the Gateway Local Console with Microsoft Hyper V p 274 2 On the AWS Storage Gateway Conﬁguration main menu type option 2 to begin conﬁguring a static IP address 3 Choose one of the following options on the AWS Storage Gateway Network Conﬁguration menu To Do This Des...

Page 265: ... Do This Gateway IP address DHCP enabled status You use the same adapter name when you conﬁgure a static IP address option 3 as when you set your gateway s default route adapter option 5 Conﬁgure DHCP Type option 2 You are prompted to conﬁgure network interface to use DHCP API Version 2013 06 30 258 ...

Page 266: ...d restart it from the AWS Storage Gateway console for the settings to take eﬀect For more information see Shutting Down Your Gateway VM p 219 If your gateway uses more than one network interface you must set all enabled interfaces to use DHCP or static IP addresses For example suppose your gateway VM uses two interfaces conﬁgured as DHCP If you later set one interface to a static IP the other inte...

Page 267: ...lect one of the adapters for example eth0 View your gateway s DNS conﬁguration Type option 6 The IP addresses of the primary and secondary DNS name servers are displayed View routing tables Type option 7 The default route of your gateway is displayed Testing Your Gateway Connection to the Internet You can use your gateway s local console to test your Internet connection This test can be useful whe...

Page 268: ...me scenarios the gateway VM s time can drift For example if there is a prolonged network outage and your hypervisor host and gateway do not get time updates then the gateway VM s time will be diﬀerent from the true time When there is a time drift a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur For a gateway deploy...

Page 269: ...re information see Access the Gateway Local Console with Microsoft Hyper V p 274 2 On the AWS Storage Gateway Conﬁguration main menu type option 5 for Gateway Console 3 On the AWS Storage Gateway console type h and then press the Return key The console displays the Available Commands menu with the available commands and after the menu a Gateway Console prompt as shown in the following screenshot 4...

Page 270: ...274 2 In the AWS Storage Gateway Conﬁguration main menu type 6 to view the results of a system resource check The console displays an OK WARNING or FAIL message for each resource as described in the table following Message Description OK The resource has passed the system resource check WARNING The resource does not meet the recommended requirements but your gateway will continue to function AWS S...

Page 271: ...r Gateway to Use the VMXNET3 Network Adapter AWS Storage Gateway supports the E1000 network adapter type in both VMware ESXi and Microsoft Hyper V Hypervisor hosts However the VMXNET3 10 GbE network adapter type is supported in VMware ESXi hypervisor only If your gateway is hosted on a VMware ESXi hypervisor you can reconﬁgure your gateway to use the VMXNET3 10 GbE adapter type For more informatio...

Page 272: ...an cause network problems 5 Choose Add to open the Add Hardware wizard 6 Choose Ethernet Adapter and then choose Next 7 In the Network Type wizard select VMXNET3 for Adapter Type and then choose Next 8 In the Virtual Machine properties wizard verify in the Adapter Type section that Current Adapter is set to VMXNET3 and then choose OK 9 In the VMware VSphere client shut down your gateway 10 In the ...

Page 273: ...the AWS Storage Gateway Management Console After the gateway restarts you must test network connectivity to the Internet For information about how to test network connectivity see Testing Your Gateway Connection to the Internet p 260 Conﬁguring Your Gateway for Multiple NICs If you conﬁgure your gateway to use multiple network adapters NICs it can be accessed by more than one IP address You might ...

Page 274: ...Mware ESXi Host p 275 Conﬁguring Your Gateway for Multiple NICs in Microsoft Hyper V Host p 279 Performing Tasks on the Amazon EC2 Local Console Volume and Tape Gateways Some maintenance tasks require that you log in to the local console when running a gateway deployed on an Amazon EC2 instance In this section you can ﬁnd information about how to log in to the local console and perform maintenance...

Page 275: ...upports the conﬁguration of a Socket Secure version 5 SOCKS5 proxy between your gateway deployed on Amazon EC2 and AWS Note The only proxy conﬁguration AWS Storage Gateway supports is SOCKS5 If your gateway must use a proxy server to communicate to the Internet then you need to conﬁgure the SOCKS proxy settings for your gateway You do this by specifying an IP address and port number for the host r...

Page 276: ...t of the proxy are displayed Remove a SOCKS proxy conﬁguration Type 3 The message SOCKS Proxy Configuration Removed is displayed Exit this menu and return to the previous menu Type x Testing Your Gateway Connectivity to the Internet You can use your gateway s local console to test your Internet connection This test can be useful when you are troubleshooting network issues with your gateway To test...

Page 277: ... connectivity FAILED AWS Storage Gateway does not have Internet connectivity Running Storage Gateway Commands on the Local Console The AWS Storage Gateway console helps provide a secure environment for conﬁguring and diagnosing issues with your gateway Using the console commands you can perform maintenance tasks such as saving routing tables or connecting to AWS Support To run a conﬁguration or di...

Page 278: ...em Resource Status When your gateway starts it checks its virtual CPU cores root volume size and RAM and determines whether these system resources are suﬃcient for your gateway to function properly You can view the results of this check on the gateway s local console To view the status of a system resource check 1 Log in to your gateway s local console For instructions see Logging In to Your Amazo...

Page 279: ...irements but your gateway will continue to function AWS Storage Gateway displays a message that describes the results of the resource check FAIL The resource does not meet the minimum requirements Your gateway might not function properly AWS Storage Gateway displays a message that describes the results of the resource check The console also displays the number of errors and warnings next to the re...

Page 280: ...le with Microsoft Hyper V p 274 Accessing the Gateway Local Console with VMware ESXi To access your gateway s local console with VMware ESXi 1 In the VMware vSphere client select your gateway VM 2 Ensure that the gateway is turned on Note If your gateway VM is turned on a green arrow icon appears with the VM icon as shown in the following screenshot If your gateway VM is not turned on you can turn...

Page 281: ...nes list of the Microsoft Hyper V Manager select your gateway VM 2 Ensure the gateway is turned on Note If your gateway VM is turned on Running is displayed as the State of the VM as shown in the following screenshot If your gateway VM is not turned on you can turn it on by choosing Start in the Actions pane 3 In the Actions pane choose Connect The Virtual Machine Connection window appears If an a...

Page 282: ... for Multiple NICs in a VMware ESXi Host p 275 Conﬁguring Your Gateway for Multiple NICs in Microsoft Hyper V Host p 279 Conﬁguring Your Gateway for Multiple NICs in a VMware ESXi Host The following procedure assumes that your gateway VM already has one network adapter deﬁned and that you are adding a second adapter The following procedure shows how to add an adapter for VMware ESXi To conﬁgure yo...

Page 283: ...n the context right click menu for your gateway VM and choose Edit Settings 4 On the Hardware tab of the Virtual Machine Properties dialog box choose Add to add a device 5 Follow the Add Hardware wizard to add a network adapter a In the Device Type pane choose Ethernet Adapter to add an adapter and then choose Next API Version 2013 06 30 276 ...

Page 284: ...ype and then choose Next We recommend that you use the E1000 network adapter with Storage Gateway For more information on the adapter types that might appear in the adapter list see Network Adapter Types in the ESXi and vCenter Server Documentation c In the Ready to Complete pane review the information and then choose Finish API Version 2013 06 30 277 ...

Page 285: ...ou can use to access the gateway Conﬁrm that a second IP address is listed for the gateway Note It might take several moments for the adapter changes to take eﬀect and the VM summary information to refresh The following image is for illustration only In practice one of the IP addresses will be the address by which the gateway communicates to AWS and the other will be an address in a diﬀerent subne...

Page 286: ...ring Your Gateway for Multiple NICs in Microsoft Hyper V Host The following procedure assumes that your gateway VM already has one network adapter deﬁned and that you are adding a second adapter This procedure shows how to add an adapter for a Microsoft Hyper V host To conﬁgure your gateway to use an additional network adapter in a Microsoft Hyper V Host 1 On the Storage Gateway console turn oﬀ th...

Page 287: ...x for the VM for Hardware choose Add Hardware 6 In the Add Hardware pane choose Network Adapter and then choose Add to add a device 7 Conﬁgure the network adapter and then choose Apply to apply settings In the following example Virtual Network 2 is selected for the new adapter API Version 2013 06 30 280 ...

Page 288: ...rces Removing resources avoids incurring charges for resources you don t plan to continue using and helps reduce your monthly bill When you delete a gateway it no longer appears on the AWS Storage Gateway Management Console and its iSCSI connection to the initiator is closed The procedure for deleting a gateway is the same for all gateway types however depending on the type of gateway you want to ...

Page 289: ...zonaws cn storagegateway home 2 In the navigation pane choose Gateways and then choose the gateway you want to delete 3 On the Actions menu choose Delete gateway 4 Important Before you do this step be sure that there are no applications currently writing to the gateway s volumes If you delete the gateway while it is in use data loss can occur Warning When a gateway is deleted there is no way to ge...

Page 290: ...ay is connected to AWS If the tape gateway is connected to AWS and you delete the gateway the iSCSI targets associated with the gateway that is the virtual tape drives and media changer will no longer be available The tape gateway is not connected to AWS If the tape gateway is not connected to AWS for example if the underlying VM is turned oﬀ or your network is down then you cannot delete the gate...

Page 291: ...these to identify the volumes you want to delete 3 In the Amazon EC2 console remove all Amazon EBS volumes that are attached to the instance if you don t plan on using them again For more information see Clean Up Your Instance and Volume in the Amazon EC2 User Guide for Linux Instances Removing Resources from Your Tape Gateway Deployed on Amazon EC2 If you deployed a tape gateway we suggest that y...

Page 292: ...must be tuned to the size of the active working set Using multiple local disks for the cache increases write performance by parallelizing access to data and leads to higher IOPS Following are recommended conﬁgurations for your ﬁle gateway Recommended Conﬁguration Write Throughput File Sizes 6 MB Root disk 80 GB io1 4 000 IOPS Cache disk 512 GiB EBS cache io1 1 500 provisioned IOPS Minimum network ...

Page 293: ...load buﬀer 150 GB CPU 16vCPU RAM 32 GB Minimum network performance 10 Gbps 2 3 3 2 1 2 0 6 Host Platform Storage Gateway Hardware Appliance Cache disk 2 5 TB Upload buﬀer 2 TB CPU 20 cores RAM 128 GB Minimum network performance 10 Gbps 1 4 4 3 1 4 0 5 Host Platform Amazon EC2instance c5d 9xlarge Cache disk 450 GB NVMe Upload buﬀer 450 GB NVMe CPU 36 vCPU RAM 72 GB Minimum network performance 10Gbp...

Page 294: ...dd CPU resources to your gateway host The minimum requirement for a gateway host server is four virtual processors To optimize gateway performance conﬁrm that the four virtual processors that are assigned to the gateway VM are backed by four cores In addition conﬁrm that you are not oversubscribing the CPUs of the host server When you add additional CPUs to your gateway host server you increase th...

Page 295: ... ReadBytes and WriteBytes metrics For more information on these metrics see Measuring Performance Between Your Application and Gateway p 206 Use a Larger Block Size for Tape Drives For a tape gateway the default block size for a tape drive is 64 KB However you can increase the block size up to 1 MB to improve I O performance The block size that you choose depends on the maximum block size that you...

Page 296: ...ed throughput If the measured throughput is less than the desired throughput then increasing the bandwidth between your application and gateway can improve performance if the network is the bottleneck Similarly you can increase the bandwidth between your VM and your local disks if they re not direct attached Add CPU resources to your application environment If your application can use additional C...

Page 297: ...he Amazon VPC User Guide In the next section you can ﬁnd instructions on how to connect your VPC to a ﬁle gateway First you deﬁne an interface VPC endpoint which enables you to connect your VPC to other AWS services The endpoint provides reliable scalable connectivity to services without requiring an internet gateway network address translation NAT instance or virtual private network VPN connectio...

Page 298: ...eviously created a gateway in this AWS Region the console shows your gateway Otherwise the service homepage appears 2 Choose a gateway type 3 Choose a host platform 4 Choose a service endpoint Note You can associate a VPC endpoint with one gateway at a time 5 Use your gateway s IP address to connect to gateway 6 Activate your gateway 7 Conﬁgure local disks For step by step instructions on how to c...

Page 299: ...it CHAP credentials you must have the necessary IAM role permissions that allows you to perform that operation and the gateway the initiator target is attached to must be a functioning gateway To add CHAP credentials 1 In the AWS Storage Gateway Console choose Volumes and select the volume for which you want to add CHAP credentials 2 On the Actions menu choose Conﬁgure CHAP authentication 3 In the...

Page 300: ... AWS Storage Gateway API Reference Encrypting a Tape For a virtual tape you can conﬁgure your gateway to encrypt tape data stored in the cloud with AWS KMS managed keys by using the Storage Gateway API You can specify one of the managed customer master keys CMKs as the KMS key The CMK that you use to encrypt your tape data can t be changed after the tape is created For information on using the Sto...

Page 301: ...sole AWS Discussion Forums or the AWS Support Center In addition to a user name and password you can also generate access keys for each user You can use these keys when you access AWS services programmatically either through one of the several SDKs or by using the AWS Command Line Interface CLI The SDK and CLI tools use the access keys to cryptographically sign your request If you don t use AWS to...

Page 302: ...IAM User Guide Applications running on Amazon EC2 You can use an IAM role to manage temporary credentials for applications that are running on an EC2 instance and making AWS CLI or AWS API requests This is preferable to storing access keys within the EC2 instance To assign an AWS role to an EC2 instance and make it available to all of its applications you create an instance proﬁle that is attached...

Page 303: ... a Policy p 299 AWS Storage Gateway Resources and Operations In AWS Storage Gateway the primary resource is a gateway Storage Gateway also supports the following additional resource types ﬁle share volume virtual tape iSCSI target and virtual tape library VTL device These are referred to as subresources and they don t exist unless they are associated with a gateway These resources and subresources...

Page 304: ...quest that creates the resource The following examples illustrate how this works If you use the root account credentials of your AWS account to activate a gateway your AWS account is the owner of the resource in Storage Gateway the resource is the gateway If you create an IAM user in your AWS account and grant permissions to the ActivateGateway action to that user the user can activate a gateway H...

Page 305: ...the IAM User Guide The following is an example policy that grants permissions to all List actions on all resources This action is a read only action Thus the policy doesn t allow the user to change the state of the resources Version 2012 10 17 Statement Sid AllowAllListActionsOnAllResources Effect Allow Action storagegateway List Resource For more information about using identity based policies wi...

Page 306: ...User Guide For a table showing all of the Storage Gateway API actions see Storage Gateway API Permissions Actions Resources and Conditions Reference p 309 Specifying Conditions in a Policy When you grant permissions you can use the IAM policy language to specify the conditions when a policy should take eﬀect when granting permissions For example you might want a policy to be applied only after a s...

Page 307: ...s the account that is owner of the gateway resource For information about how to use a wildcard character in a policy see Example 2 Allow Read Only Access to a Gateway p 302 To limit permissions for a particular action to a speciﬁc gateway only create a separate statement for that action in the policy and specify the gateway ID in that statement The second statement grants permissions for the ec2 ...

Page 308: ...S Storage Gateway resources AWSStorageGatewayFullAccess Grants full access to AWS Storage Gateway resources Note You can review these permissions policies by signing in to the IAM console and searching for speciﬁc policies there You can also create your own custom IAM policies to allow permissions for AWS Storage Gateway API actions You can attach these custom policies to the IAM users or groups t...

Page 309: ...eSnapshots ec2 DeleteSnapshot Effect Allow Resource Example 2 Allow Read Only Access to a Gateway The following policy allows all List and Describe actions on all resources Note that these actions are read only actions Thus the policy doesn t allow the user to change the state of any resources that is the policy doesn t allow the user to perform actions such as DeleteGateway ActivateGateway and Sh...

Page 310: ...icy allows all actions on a speciﬁc gateway The user is restricted from accessing other gateways you might have deployed Version 2012 10 17 Statement Sid AllowReadOnlyAccessToAllGateways Action storagegateway List storagegateway Describe Effect Allow Resource Sid AllowsUserToDescribeSnapshotsOnAllGateways Action ec2 DescribeSnapshots Effect Allow Resource Sid AllowsAllActionsOnSpecificGateway Acti...

Page 311: ...he policy restricts the user to accessing only a speciﬁc volume Version 2012 10 17 Statement Sid GrantsPermissionsToSpecificVolume Action storagegateway Effect Allow Resource arn aws storagegateway us west 2 123456789012 gateway gateway id volume volume id Sid GrantsPermissionsToUseStorageGatewayConsole Action storagegateway ListGateways Effect Allow Resource The preceding policy works if the user...

Page 312: ...ragegateway us west 2 123456789012 gateway DeptX Sid GrantsPermissionsToSpecifiedAction Action ec2 DescribeSnapshots Effect Allow Resource The preceding policy works if the user to whom the policy is attached uses either the API or an AWS SDK to access the gateway However if this user plans to use the AWS Storage Gateway console you must grant additional permissions as described in Example 3 Allow...

Page 313: ...Based on Tags in an IAM Request You can use conditions in an IAM policy to control what an IAM user can do based on tags on a ﬁle gateway resource For example you can write a policy that allows or denies an IAM user the ability to perform speciﬁc API operations based on the tag they provided when they were creating the resource In the following example the ﬁrst statement allows a user to create a ...

Page 314: ...ng are some important characteristics of Windows ACLs on SMB ﬁle shares By default Windows ACLs on SMB ﬁle shares aren t enabled To enable Windows ACLs set the SmbAclEnabled option to true for your ﬁle share by using the UpdateSMBFileShare operation with the Storage Gateway SDK or the AWS CLI When ACLs are enabled the ACL information is persisted in Amazon S3 object metadata The gateway preserves ...

Page 315: ...Amazon S3 We recommend setting ACLs at the top level folder under the root of your ﬁle share instead of setting ACLs directly at the root of the ﬁle share This approach persists the information as object metadata in Amazon S3 6 Enable inheritance as appropriate Note You can enable inheritance for ﬁle shares created after May 8 2019 If you enable inheritance and update the permissions recursively S...

Page 316: ... use the same set of root ACLs Storage Gateway API Permissions Actions Resources and Conditions Reference When you set up access control p 295 and write permissions policies that you can attach to an IAM identity identity based policies you can use the following table as a reference The table lists each Storage Gateway API operation the corresponding actions for which you can grant permissions to ...

Page 317: ...rn aws storagegateway region account id tape tapebarcode CancelRetrieval Action s storagegateway CancelRetrieval Resource arn aws storagegateway region account id tape tapebarcode CreateCachediSCSIVolume Action s storagegateway CreateCachediSCSIVolume Resource arn aws storagegateway region account id gateway gateway id CreateSnapshot Action s storagegateway CreateSnapshot Resource arn aws storageg...

Page 318: ...ateway gateway id volume volume id DeleteTape Action s storagegateway DeleteTape Resource arn aws storagegateway region account id gateway gateway id DeleteTapeArchive Action s storagegateway DeleteTapeArchive Resource DeleteVolume Action s storagegateway DeleteVolume Resource arn aws storagegateway region account id gateway gateway id volume volume id DescribeBandwidthRateLimit Action s storagega...

Page 319: ...ount id gateway gateway id volume volume id DescribeTapeArchives Action s storagegateway DescribeTapeArchives Resource DescribeTapeRecoveryPoints Action s storagegateway DescribeTapeRecoveryPoints Resource arn aws storagegateway region account id gateway gateway id DescribeTapes Action s storagegateway DescribeTapes Resource arn aws storagegateway region account id gateway gateway id DescribeUploa...

Page 320: ...ay region account id gateway gateway id ListVolumeInitiators Action s storagegateway ListVolumeInitiators Resource arn aws storagegateway region account id gateway gateway id volume volume id ListVolumeRecoveryPoints Action s storagegateway ListVolumeRecoveryPoints Resource arn aws storagegateway region account id gateway gateway id ListVolumes Action s storagegateway ListVolumes Resource arn aws ...

Page 321: ...ateway region account id gateway gateway id UpdateChapCredentials Action s storagegateway UpdateChapCredentials Resource arn aws storagegateway region account id gateway gateway id target iSCSItarget UpdateGatewayInformation Action s storagegateway UpdateGatewayInformation Resource arn aws storagegateway region account id gateway gateway id UpdateGatewaySoftwareNow Action s storagegateway UpdateGa...

Page 322: ...AWS Storage Gateway User Guide Storage Gateway API Permissions Reference Related Topics Access Control p 295 Customer Managed Policy Examples p 301 API Version 2013 06 30 315 ...

Page 323: ...ices for Recovering Your Data p 338 Troubleshooting On Premises Gateway Issues The following table lists typical issues that you might encounter working with your on premises gateways Topics Enabling AWS Support To Help Troubleshoot Your Gateway Hosted On Premises p 318 Issue Action to Take You cannot ﬁnd the IP address of your gateway Use the hypervisor client to connect to your host to ﬁnd the g...

Page 324: ...and Activate Gateway wizard Check that your VM has at least 7 5 GB of RAM Gateway allocation fails if there is less than 7 5 GB of RAM For more information see Requirements p 10 You need to remove a disk allocated as upload buﬀer space For example you might want to reduce the amount of upload buﬀer space for a gateway or you might need to replace a disk used as an upload buﬀer that has failed For ...

Page 325: ...ter conﬁguration for your gateway follow the instructions in Conﬁguring Your Gateway Network p 257 and select the option for viewing your gateway s network conﬁguration You can view the throughput to and from your gateway from the Amazon CloudWatch console For more information about measuring throughput to and from your gateway to AWS see Measuring Performance Between Your Gateway and AWS p 207 Yo...

Page 326: ... When you connect to customer support Storage Gateway assigns you a support number Make a note of your support number If you gateway is using a VPC endpoint in the AVAILABLE COMMANDS window type open support channel If your gateway is not activated provide the VPC endpoint or IP address to connect to customer support for AWS Storage Gateway You must allow TCP port 22 to initiate a support channel ...

Page 327: ...not pointing to the root of the unzipped gateway source ﬁles The last part of the location you specify in the Import Virtual Machine dialog box should be AWS Storage Gateway as the following example shows If you have already deployed a gateway and you did not select the Copy the virtual machine option and check the Duplicate all ﬁles option in the Import Virtual Machine dialog box then the VM was ...

Page 328: ...x this problem specify new locations in the Hyper V Settings dialog box You try to import a gateway and receive an error message Import failed Import failed because the virtual machine must have a new identiﬁer Select a new identiﬁer and try the import again When you import the gateway make sure you select the Copy the virtual machine option and check the Duplicate all ﬁles option in the Import Vi...

Page 329: ...host For more information about the requirements for AWS Storage Gateway see Requirements p 10 Your snapshots and gateway software updates are occurring at slightly diﬀerent times than expected The gateway VM s clock might be oﬀset from the actual time known as clock drift Check and correct the VM s time using local gateway console s time synchronization option For more information see Synchronizi...

Page 330: ...ion Hasn t Occurred After a Few Moments Check the following in the Amazon EC2 console Port 80 is enabled in the security group you associated with the instance For more information about adding a security group rule see Adding a Security Group Rule in the Amazon EC2 User Guide for Linux Instances The gateway instance is marked as running In the Amazon EC2 console the State value for the instance s...

Page 331: ...r message likely occurs because no Amazon EBS volumes are deﬁned for the instance Check block devices deﬁned for the instance that is running the gateway If there are only two block devices the default devices that come with the AMI then you should add storage For more information on doing so see Deploying a Volume or Tape Gateway on an Amazon EC2 Host p 349 After attaching two or more Amazon EBS ...

Page 332: ...instance s security group must have a rule that opens TCP port 22 Note If you add a new rule to an existing security group the new rule applies to all instances that use that security group For more information about security groups and how to add a security group rule see Amazon EC2 Security Groups in the Amazon EC2 User Guide To let AWS Support connect to your gateway you ﬁrst log in to the loca...

Page 333: ...n Control Protocol User Datagram Protocol TCP UDP port number Instead the gateway makes a Secure Shell SSH TCP 22 connection to Storage Gateway servers and provides the support channel for the connection 5 Once the support channel is established provide your support service number to AWS Support so AWS Support can provide troubleshooting assistance 6 When the support session is completed type q to...

Page 334: ...erformance issues or prevent the normal functioning of the appliance You Can t Find the Hardware Appliance Serial Number To ﬁnd the serial number of the hardware appliance go to the Hardware page in the AWS Storage Gateway console as shown following Where to Obtain Hardware Appliance Support To contact the AWS Storage Gateway Hardware Appliance support see https aws amazon com contact us The AWS S...

Page 335: ...reated the status is CREATING The status transitions to AVAILABLE status after the ﬁle share is created If your ﬁle share gets stuck in the CREATING status do the following 1 Open the Amazon S3 console at https console amazonaws cn s3 2 Make sure the Amazon S3 bucket that you mapped your ﬁle share to exists If the bucket doesn t exist create it After you create the bucket the ﬁle share status tran...

Page 336: ...o allow multiple ﬁle shares to write to one S3 bucket This approach can cause unpredictable results Instead we recommend that you allow only one ﬁle share to write to each S3 bucket You create a bucket policy to allow only the role associated with your ﬁle share to write to the bucket For more information see File Share Best Practices p 155 You Can t Upload Files into Your S3 Bucket If you can t u...

Page 337: ...earlier version should a new version be added to the S3 bucket outside of your application To read the latest version of an object use the RefreshCache API action or refresh from the console as described in Refreshing Objects in Your Amazon S3 Bucket p 153 We don t recommend that objects or ﬁles be written to your ﬁle gateway S3 bucket from outside of the ﬁle share Use of versioned S3 buckets can ...

Page 338: ...Snapshot Did Not Occur p 333 You Need to Remove or Replace a Disk That Has Failed p 333 Throughput from Your Application to a Volume Has Dropped to Zero p 333 A Cache Disk in Your Gateway Encounters a Failure p 334 A Volume Snapshot Has PENDING Status Longer Than Expected p 334 The Console Says That Your Volume Is Not Conﬁgured If the AWS Storage Gateway console indicates that your volume has a st...

Page 339: ... several reasons Some reasons require action and some do not An example of when you should take action if your volume has the PASS THROUGH status is when your gateway has run out of upload buﬀer space To verify if your upload buﬀer was exceeded in the past you can view the UploadBufferPercentUsed metric in the Amazon CloudWatch console for more information see Monitoring the Upload Buﬀer p 196 If ...

Page 340: ...led just prior to the scheduled snapshot time You can check the UploadBufferPercentUsed metric for the gateway in the Amazon CloudWatch console and create an alarm for this metric For more information see Monitoring the Upload Buﬀer p 196 and To set an upper threshold alarm for a gateway s upload buﬀer p 197 You Need to Remove or Replace a Disk That Has Failed If you need to replace a volume disk ...

Page 341: ...che disk is inaccessible or unusable delete the disk from your gateway conﬁguration If the cache disk is still accessible and useable reconnect it to your gateway Note If you delete a cache disk tapes or volumes that have clean data that is for which data in the cache disk and Amazon S3 are synchronized will continue to be available when the gateway resumes normal functionality For example if your...

Page 342: ...way 1 Identify an existing functioning tape gateway to serve as your recovery target gateway If you don t have a tape gateway to recover your tapes to create a new tape gateway For information about how to create a gateway see Choosing a Gateway Type p 75 2 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 3 In the navigation pane choose Gateways and then choos...

Page 343: ...ave data that is not synchronized with Amazon S3 are automatically recovered The status of these tapes is set to RECOVERED but the tapes will be read only For information about how to remove a disk from your host see Determining the Size of Upload Buﬀer to Allocate p 221 Important If the cache disk you are resetting contains data that has not been uploaded to Amazon S3 yet that data can be lost Af...

Page 344: ...rmation following on some issues you might ﬁnd and how to troubleshoot them You Need to Recover Data From an IRRECOVERABLE Tape If you have a virtual tape with the status IRRECOVERABLE and you need to work with it try one of the following Activate a new tape gateway if you don t have one activated For more information see Choosing a Gateway Type p 75 Disable the tape gateway that contains the irre...

Page 345: ...a new gateway and recover your data to that gateway using the instructions following Topics Recovering from an Unexpected Virtual Machine Shutdown p 338 Recovering Your Data from a Malfunctioning Gateway or VM p 339 Retrieving Your Data from an Irrecoverable Volume p 339 Recovering Your Data from an Irrecoverable Tape p 340 Recovering Your Data from a Malfunctioning Cache Disk p 340 Recovering You...

Page 346: ...ou Want to Recover Your Data p 332 If your tape gateway or the hypervisor host encounters an unrecoverable failure you can use the following steps to recover the tapes from the malfunctioning tape gateway to another tape gateway 1 Identify a tape gateway you want to use as the recovery target or create you can create a new one 2 Disable the malfunctioning gateway 3 Create recovery tapes for each t...

Page 347: ...ecover a Virtual Tape from a Malfunctioning Cache Disk p 336 Recovering Your Data from a Corrupted File System If your ﬁle system gets corrupted you can use the fsck command to check your ﬁle system for errors and repair it If you can repair the ﬁle system you can then recover your data from the volumes on the ﬁle system as described following 1 Shut down your virtual machine and use the AWS Stora...

Page 348: ...eway on an Amazon EC2 host For more information see Deploying a Volume or Tape Gateway on an Amazon EC2 Host p 349 Note Gateway stored volumes can t be hosted on Amazon EC2 instance 2 Create a new volume and choose the EC2 gateway as the target gateway For more information see Creating a Volume p 63 Create the new volume based on an Amazon EBS snapshot or clone from last recovery point of the volu...

Page 349: ... Your Data From An Inaccessible Data Center 3 Mount your ﬁle share on your client and map it to the Amazon S3 bucket that contains the data that you want to recover For more information see Using Your File Share p 51 API Version 2013 06 30 342 ...

Page 350: ...urce Components for AWS Storage Gateway p 395 AWS Storage Gateway Limits p 395 Using Storage Classes p 397 Host Setup Topics Conﬁguring VMware for Storage Gateway p 343 Synchronizing Your Gateway VM Time p 348 Deploying a Volume or Tape Gateway on an Amazon EC2 Host p 349 Deploying File Gateway on an Amazon EC2 Host p 351 Conﬁguring VMware for Storage Gateway When conﬁguring VMware for AWS Storage...

Page 351: ...ronize its time automatically to a Network Time Protocol NTP server Important Synchronizing the VM time with the host time is required for successful gateway activation To synchronize VM time with host time 1 Conﬁgure your VM time a In the vSphere client open the context right click menu for your gateway VM and choose Edit Settings The Virtual Machine Properties dialog box opens b Choose the Optio...

Page 352: ...ct the vSphere host node in the left pane and then choose the Conﬁguration tab b Select Time Conﬁguration in the Software panel and then choose the Properties link The Time Conﬁguration dialog box appears c In the Date and Time panel set the date and time d Conﬁgure the host to synchronize its time automatically to an NTP server i Choose Options in the Time Conﬁguration dialog box and then in the ...

Page 353: ...art to start the service Note that if you change this NTP server reference or add another later you will need to restart the service to use the new server e Choose OK to close the NTP Daemon ntpd Options dialog box f Choose OK to close the Time Conﬁguration dialog box Conﬁguring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers In this task you set the iSCSI controller so that the...

Page 354: ...CSI Controller Type dialog box select the VMware Paravirtual SCSI controller type and then choose OK Using AWS Storage Gateway with VMware High Availability VMware High Availability HA is a component of vSphere that can provide protection from failures in the infrastructure layer supporting a gateway VM VMware HA does this by using multiple hosts conﬁgured as a cluster so that if a host running a ...

Page 355: ...374 For more information on customizing Linux clients timeout settings see Customizing Your Linux iSCSI Settings p 376 With clustering if you deploy the ova package to the cluster select a host when you are prompted to do so Alternately you can deploy directly to a host in a cluster Synchronizing Your Gateway VM Time For a gateway deployed on VMware ESXi setting the hypervisor host time and synchr...

Page 356: ...take a few moments The following screenshot shows a VM that doesn t require time synchronization The following screenshot shows a VM that does require time synchronization Deploying a Volume or Tape Gateway on an Amazon EC2 Host You can deploy and activate a volume or tape gateway on an Amazon EC2 instance You can use gateways hosted on Amazon EC2 instances for disaster recovery and data mirroring...

Page 357: ... Region and then choose Continue to Launch 6 On the Launch this Software page choose Launch from Website 7 For EC2 Instance Type choose an instance type For information about supported instance types see Requirements for Amazon EC2 Instance Types p 11 8 For Subnet Settings choose the subnet that you want to launch your instance in 9 For Security Group Settings choose a security group You can choos...

Page 358: ... We recommend starting with the m4xlarge instance type which meets the minimum requirements for your gateway to function properly For more information see Hardware Requirements for On Premises VMs p 11 You can resize your instance after you launch if necessary For more information see Resizing Your Instance in the Amazon EC2 User Guide for Linux Instances Note Certain instance types particularly i...

Page 359: ...You can conﬁgure one or more local drives for your cache and upload buﬀer up to the maximum capacity When adding cache or upload buﬀer to an existing gateway it s important to create new disks in your host hypervisor or Amazon EC2 instance Don t change the size of existing disks if the disks have been previously allocated as either a cache or upload buﬀer 9 On the Step 5 Add Tags page you can add ...

Page 360: ...39 page on the Storage Gateway console to continue your gateway setup The following shows the ﬁle gateway Amazon EC2 AMI names and AMI IDs Region AMI Name AMI ID ap northeast 1 aws thinstaller 1560967323 ami 0c7b0fb654a4f0f85 ap northeast 2 aws thinstaller 1560967323 ami 0909f3ce2d2ﬀ17d6 ap south 1 aws thinstaller 1560967323 ami 04a15305837aaafe7 ap southeast 1 aws thinstaller 1560967323 ami 06bb5...

Page 361: ...r gateway for example if you have a failed disk Removing a Disk from a Gateway Hosted on VMware ESXi You can use the following procedure to remove a disk from your gateway hosted on VMware hypervisor To remove a disk allocated for the upload buﬀer VMware ESXi 1 In the vSphere client open the context right click menu choose the name of your gateway VM and then choose Edit Settings 2 On the Hardware...

Page 362: ...sk from a Gateway Hosted on Microsoft Hyper V Using the following procedure you can remove a disk from your gateway hosted on a Microsoft Hyper V hypervisor To remove an underlying disk allocated for the upload buﬀer Microsoft Hyper V 1 In the Microsoft Hyper V Manager open the context right click menu choose the name of your gateway VM and then choose Settings API Version 2013 06 30 355 ...

Page 363: ...so reduce the storage you allocated by removing previously allocated Amazon EBS volumes For more information about Amazon EBS see Amazon Elastic Block Store Amazon EBS in the Amazon EC2 User Guide for Linux Instances Before you add more storage to the gateway you should review how to size your upload buﬀer and cache storage based on your application needs for a gateway To do so see Determining the...

Page 364: ...2 User Guide for Linux Instances 3 Delete the Amazon EBS volume For instructions see Deleting an Amazon EBS Volume in the Amazon EC2 User Guide for Linux Instances 4 Start the gateway by following the approach described in the Shutting Down Your Gateway VM p 219 section Tape Gateway Topics Working with VTL Devices p 357 Working With Tapes p 361 Working with VTL Devices Your tape gateway setup prov...

Page 365: ...s Backup Exec 2012 Note Veritas has ended support for Backup Exec 2012 For more information see End of Support for Prior Backup Exec Versions STK L700 Veritas NetBackup Version 7 x or 8 x AWS Gateway VTL Important We highly recommend that you choose the medium changer that s listed for your backup application Other medium changers might not function properly You can choose a diﬀerent medium change...

Page 366: ...n the Storage Gateway console choose Gateways from the navigation pane and then choose the gateway whose medium changer you want to change 6 Choose the VTL Devices tab select the medium changer you want to change and then choose Change Media Changer 7 In the Change Media Changer Type dialog box that appears select the media changer you want from the drop down list box and then choose Save Updating...

Page 367: ...r Sony TSL A500C Autoloader Microsoft System Center Data Protection Manager doesn t automatically display barcodes for virtual tapes created in Storage Gateway To display barcodes correctly for your tapes change the media changer driver to Sun StorageTek Library To display barcodes 1 Ensure that all backup jobs have completed and that there are no tasks pending or in progress 2 Eject and move the ...

Page 368: ...ateway A tape s status must be AVAILABLE for you to write to the tape These tapes are backed by Amazon Simple Storage Service Amazon S3 that is when you write to these tapes the tape gateway stores data in Amazon S3 For more information see Understanding Tape Status Information in a VTL p 183 Topics Archiving Tapes p 362 Canceling Tape Archival p 362 The tape library shows tapes in your tape gatew...

Page 369: ...er the tape is moved to the archive its status changes to ARCHIVED and you can retrieve the tape to any of your gateways For more information about tape retrieval see Retrieving Archived Tapes p 181 The steps involved in archiving a tape depend on your backup software For instructions on how to archive a tape by using Symantec NetBackup software see Archiving the Tape p 130 Canceling Tape Archival...

Page 370: ... following example shows you how to use the AWS CLI to fetch the HTTP response parse HTTP headers and get the activation key wget ec2_instance_ip_address activationRegion eu west 2 2 1 grep i location grep i key cut d f2 cut d f1 Linux bash zsh The following example shows you how to use Linux bash zsh to fetch the HTTP response parse HTTP headers and get the activation key function get activation ...

Page 371: ...ng iSCSI Settings p 374 Conﬁguring CHAP Authentication for Your iSCSI Targets p 377 The iSCSI standard is an Internet Protocol IP based storage networking standard for initiating and managing connections between IP based storage devices and clients The following list deﬁnes some of the terms that are used to describe the iSCSI connection and the components involved iSCSI initiator The client compo...

Page 372: ...load buﬀer for a gateway in a cached volumes setup see To add and conﬁgure upload buﬀer or cache storage p 223 The following diagram highlights the iSCSI target in the larger picture of the AWS Storage Gateway architecture For more information see How AWS Storage Gateway Works Architecture p 2 You can connect to your volume from either a Windows or Red Hat Linux client You can optionally conﬁgure ...

Page 373: ...f prompted choose Yes to start the Microsoft iSCSI initiator service 3 In the iSCSI Initiator Properties dialog box choose the Discovery tab and then choose the Discovery Portal button 4 In the Discover Target Portal dialog box type the IP address of your iSCSI target for IP address or DNS name and then choose OK To get the IP address of your gateway check the Gateway tab on the AWS Storage Gatewa...

Page 374: ... name shown should be the same as the name that you speciﬁed for your storage volume in step 1 b Select the target and then choose Connect If the target name is not populated already type the name of the target as shown in step 1 in the Connect to Target dialog box select the check box next to Add this connection to the list of Favorite Targets and then choose OK c In the Targets tab ensure that t...

Page 375: ... client A tape gateway exposes several tape drives and a media changer referred to collectively as VTL devices as iSCSI targets For more information see Requirements p 10 Note You connect only one application to each iSCSI target The following diagram highlights the iSCSI target in the larger picture of the AWS Storage Gateway architecture For more information on AWS Storage Gateway architecture s...

Page 376: ...e the IP address of your tape gateway for IP address or DNS name and then choose OK To get the IP address of your gateway check the Gateway tab on the AWS Storage Gateway console If you deployed your gateway on an Amazon EC2 instance you can ﬁnd the public IP or DNS address in the Description tab on the Amazon EC2 console 5 Choose the Targets tab and then choose Refresh All 10 tape drives and the ...

Page 377: ...ows client the driver provider for the tape drive must be Microsoft Use the following procedure to verify the driver provider and update the driver and provider if necessary To verify the driver provider and if necessary update the provider and driver on a Windows client 1 On your Windows client start Device Manager 2 Expand Tape drives choose the context right click menu for a tape drive and choo...

Page 378: ...ot Microsoft set the value as follows a Choose Update Driver b In the Update Driver Software dialog box choose Browse my computer for driver software c In the Update Driver Software dialog box choose Let me pick from a list of device drivers on my computer API Version 2013 06 30 371 ...

Page 379: ... Connecting Your Volumes or VTL Devices to a Linux Client When using Red Hat Enterprise Linux RHEL you use the iscsi initiator utils RPM package to connect to your gateway iSCSI targets volumes or VTL devices To connect a Linux client to the iSCSI targets 1 Install the iscsi initiator utils RPM package if it isn t already installed on your client You can use the following command to install the pa...

Page 380: ...Storage Gateway console The output of the discovery command will look like the following example output For volume gateways GATEWAY_IP 3260 1 iqn 1997 05 com amazon myvolume For tape gateways iqn 1997 05 com amazon GATEWAY_IP tapedrive 01 Your iSCSI qualiﬁed name IQN will be diﬀerent than what is shown preceding because IQN values are unique to an organization The name of the target is the name th...

Page 381: ...y Topics Customizing Your Windows iSCSI Settings p 374 Customizing Your Linux iSCSI Settings p 376 Customizing Your Windows iSCSI Settings When using a Windows client you use the Microsoft iSCSI initiator to connect to your gateway volume For instructions on how to connect to your volumes see Connecting Your Volumes to Your Client p 65 For a tape gateway setup connecting to your VTL devices by usi...

Page 382: ...iSCSI initiator might not be the subkey 0000 You can ensure that you have selected the correct subkey by verifying that the string DriverDesc has the value Microsoft iSCSI Initiator as shown in the following example d To show the iSCSI settings choose the Parameters subkey e Open the context right click menu for the MaxRequestHoldTime DWORD 32 bit value choose Modify and then change the value to 6...

Page 383: ...es as shown following you make your application better at dealing with write operations that take a long time and other transient issues such as network interruptions Note Commands might be slightly diﬀerent for other types of Linux The following examples are based on Red Hat Linux To customize your Linux iSCSI settings 1 Increase the maximum time for which requests are queued a Open the etc iscsi...

Page 384: ...o 600 This value represents a timeout of 600 seconds 3 Restart your system to ensure that the new conﬁguration values take eﬀect Before restarting you must make sure that the results of all write operations to your volumes are ﬂushed To do this unmount storage volumes before restarting 4 You can test the conﬁguration by using the following command udevadm test PATH_TO_ISCSI_DEVICE This command sho...

Page 385: ...ox shown in the screenshot following a For Initiator Name type the name of your iSCSI initiator You can ﬁnd the initiator name by using your iSCSI initiator software For example for Windows clients the name is the value on the Conﬁguration tab of the iSCSI initiator For more information see To conﬁgure mutual CHAP on a Windows client p 380 Note To change an initiator name you must ﬁrst disable CHA...

Page 386: ...ou can ﬁnd the initiator name by using your iSCSI initiator software For example for Windows clients the name is the value on the Conﬁguration tab of the iSCSI initiator For more information see To conﬁgure mutual CHAP on a Windows client p 380 Note To change an initiator name you must ﬁrst disable CHAP change the initiator name in your iSCSI initiator software and then enable CHAP with the new na...

Page 387: ...the iSCSI initiator is not already started on the Start menu of your Windows client computer choose Run type iscsicpl exe and then choose OK to run the program 2 Conﬁgure mutual CHAP conﬁguration for the initiator that is the Windows client a Choose the Conﬁguration tab Note The Initiator Name value is unique to your initiator and company The name shown preceding is the value that you used in the ...

Page 388: ... the Secret used to Authenticate Target Mutual CHAP box in the Conﬁgure CHAP Authentication dialog box For more information see Conﬁguring CHAP Authentication for Your iSCSI Targets p 377 d If the key that you typed is less than 12 characters or more than 16 characters long an Initiator CHAP secret error dialog box appears Choose OK and then type the key again 3 Conﬁgure the target with the initia...

Page 389: ...that you want to conﬁgure for CHAP is currently connected disconnect the target by selecting it and choosing Disconnect c Select the target that you want to conﬁgure for CHAP and then choose Connect d In the Connect to Target dialog box choose Advanced API Version 2013 06 30 382 ...

Page 390: ...the secret that is required to authenticate the initiator This secret is the same as the secret typed into the Secret used to Authenticate Initiator box in the Conﬁgure CHAP Authentication dialog box For more information see Conﬁguring CHAP Authentication for Your iSCSI Targets p 377 iii Select Perform mutual authentication API Version 2013 06 30 383 ...

Page 391: ...o a target If you have not completed these two tasks see Connecting to a Microsoft Windows Client p 84 2 Disconnect and remove any existing conﬁguration for the target for which you are about to conﬁgure CHAP a To ﬁnd the target name and ensure it is a deﬁned conﬁguration list the saved conﬁgurations using the following command sudo sbin iscsiadm mode node b Disconnect from the target The followin...

Page 392: ... session auth password password node session auth username_in username_in node session auth password_in password_in For guidance on what values to specify see the following table Conﬁguration Setting Value username The initiator name that you found in a previous step in this procedure The value starts with iqn For example iqn 1994 05 com redhat 8e89b27b5b8 is a valid username value password The se...

Page 393: ...ated a functioning gateway To use AWS Direct Connect with Storage Gateway 1 Create and establish an AWS Direct Connect connection between your on premises data center and your Storage Gateway endpoint For more information about how to create a connection see Getting Started with AWS Direct Connect in the AWS Direct Connect User Guide 2 Connect your on premises Storage Gateway appliance to the AWS ...

Page 394: ... Volume Gateways and Tape Gateways The following illustration shows the ports to open for volume gateways and tape gateways operation The following ports are common to all gateway types and are required by all gateway types API Version 2013 06 30 387 ...

Page 395: ...lls and Routers p 19 Your web browser Storage Gateway VM TCP 80 HTTP By local systems to obtain the Storage Gateway activation key Port 80 is used only during activation of a Storage Gateway appliance A Storage Gateway VM doesn t require port 80 to be publicly accessible The required level of access to port 80 depends on your network conﬁguration If you activate your gateway from the AWS Storage G...

Page 396: ...quired for troubleshooting Storage Gateway VM Network Time Protocol NTP server UDP 123 NTP Used by local systems to synchronize VM time to the host time A Storage Gateway VM is conﬁgured to use the following NTP servers 0 amazon pool ntp org 1 amazon pool ntp org 2 amazon pool ntp org 3 amazon pool ntp org AWS Storage Gateway Hardware Appliance Hypertext Transfer Protocol HTTP proxy TCP 8080 HTTP ...

Page 397: ...T and later TCP UDP SMBv3 445 File sharing data transfer session service for SMB only replaces ports 137 139 for Microsoft Windows NT and later 2 Web browser NFS and SMB TCP HTTP 80 AWS Management Console activation only TCP HTTPS 443 AWS Management Console all other operations 3 DNS NFS and SMB TCP UDP DNS 53 IP name resolution 4 NTP NFS and SMB UDP NTP 123 Time synchronization service 5 Microsof...

Page 398: ...s you can also get the IP address from your hypervisor For Amazon EC2 gateways you can also get the IP address of your Amazon EC2 instance from the Amazon EC2 Management Console To ﬁnd how to get your gateway s IP address see one of the following VMware host Accessing the Gateway Local Console with VMware ESXi p 273 HyperV host Access the Gateway Local Console with Microsoft Hyper V p 274 EC2 host...

Page 399: ...4 After your gateway is activated choose the gateway that you just activated and then choose the VTL devices tab in the bottom panel 5 Get the names of all your VTL devices 6 For each target run the following command to conﬁgure the target iscsiadm m node o new T TARGET_NAME p Elastic_IP 3260 7 For each target run the following command to log in iscsiadm m node p ELASTIC_IP 3260 login Your gateway...

Page 400: ...have as expected Important IDs for Storage Gateway volumes and Amazon EBS snapshots created from gateway volumes are changing to a longer format Starting in December 2016 all new volumes and snapshots will be created with a 17 character string Starting in April 2016 you will be able to use these longer IDs so you can test your systems with the new format For more information see Longer EC2 and EBS...

Page 401: ... add a tag 1 Open the AWS Storage Gateway console at https console amazonaws cn storagegateway home 2 In the navigation pane choose the resource you want to tag For example to tag a gateway choose Gateways and then choose the gateway you want to tag from the list of gateways 3 Choose Tags and then choose Add edit tags 4 In the Add edit tags dialog box choose Create tag 5 Type a key for Key and a v...

Page 402: ...y terms sources_hyperv tar for gateways deployed on Microsoft Hyper V This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org See https s3 amazonaws com aws storage gateway terms THIRD_PARTY_LICENSES txt for the relevant licenses for all dependent third party tools AWS Storage Gateway Limits In this topic you can ﬁnd information about ﬁle...

Page 403: ...024 bytes Limits for Volumes The following table lists limits for volumes Description Cached Volumes Stored Volumes Maximum size of a volume Note If you create a snapshot from a cached volume that is more than 16 TiB in size you can restore it to a Storage Gateway volume but not to an Amazon Elastic Block Store Amazon EBS volume 32 TiB 16 TiB Maximum number of volumes per gateway 32 32 Total size ...

Page 404: ...sks if the disks have been previously allocated as either a cache or upload buﬀer Using Storage Classes AWS Storage Gateway supports the Amazon S3 Standard Amazon S3 Standard Infrequent Access Amazon S3 One Zone Infrequent Access and Glacier storage classes For more information about storage classes see Storage Classes in the Amazon Simple Storage Service Developer Guide Using Infrequent Access St...

Page 405: ... IO errors when you update the ﬁle We recommend that you set up CloudWatch Events to receive notiﬁcation when these IO errors occur and use the notiﬁcation to take action For example you can take action to restore the archived object to S3 After the object is restored to S3 your ﬁle share clients can access and update them successfully through the ﬁle share For information about how to restore arc...

Page 406: ...to identify key information about the request including the operation you want to invoke the date of the request and information that indicates the authorization of you as the sender of the request Headers are case insensitive and the order of the headers is not important The following example shows headers that are used in the ActivateGateway operation POST HTTP 1 1 Host storagegateway us east 2 ...

Page 407: ...vailable for AWS Storage Gateway see Regions and Endpoints Host storagegateway region amazonaws com x amz date You must provide the time stamp in either the HTTP Date header or the AWS x amz date header Some HTTP client libraries don t let you set the Date header When an x amz date header is present the AWS Storage Gateway ignores any Date header during the request authentication The x amz date fo...

Page 408: ...ncatenation of the name of the hash algorithm the request date a credential scope string and the canonicalized request from the previous task The credential scope string itself is a concatenation of date region and service information Task 3 Create a Signature Create a signature for your request by using a cryptographic hash function that accepts two input strings your string to sign and a derived...

Page 409: ...esented as derived key HMAC HMAC HMAC HMAC AWS4 YourSecretAccessKey 20120910 us east 2 storagegateway aws4_request If the secret access key wJalrXUtnFEMI K7MDENG bPxRﬁCYEXAMPLEKEY is used then the calculated signature is 6d4c40b8f2257534dbdca9f326f147a0a7a419b63aff349d9d9c737c9a0f4c81 The ﬁnal step is to construct the Authorization header For the demonstration access key AKIAIOSFODNN7EXAMPLE the h...

Page 410: ...4 500 Internal Server Error InvalidAction The requested action or operation is invalid 400 Bad Request InvalidClientTokenId The X 509 certiﬁcate or AWS Access Key ID provided does not exist in our records 403 Forbidden InvalidGatewayRequestException One of the operation error code messages in Operation Error Codes p 404 400 Bad Request InvalidSignatureException The request signature we calculated ...

Page 411: ...are returned with one of two general exceptions InternalServerError and InvalidGatewayRequestException described in Exceptions p 403 Operation Error Code Message Operations That Return this Error Code ActivationKeyExpired The speciﬁed activation key has expired ActivateGateway ActivationKeyInvalid The speciﬁed activation key is invalid ActivateGateway ActivationKeyNotFound The speciﬁed activation ...

Page 412: ...ed disk is not gigabyte aligned CreateStorediSCSIVolume DiskSizeGreaterThanVolumeMaxSize The speciﬁed disk size is greater than the maximum volume size CreateStorediSCSIVolume DiskSizeLessThanVolumeSize The speciﬁed disk size is less than the volume size CreateStorediSCSIVolume DuplicateCertificateInfo The speciﬁed certiﬁcate information is a duplicate ActivateGateway API Version 2013 06 30 405 ...

Page 413: ...int DeleteBandwidthRateLimit DeleteChapCredentials DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime DescribeSnapshotSchedule DescribeStorediSCSIVolumes DescribeWorkingStorage ListLocalDisks ListVolumes ListVolumeRecoveryPoints ShutdownGateway StartGateway UpdateBandwidthRateLimit UpdateC...

Page 414: ...Point DeleteBandwidthRateLimit DeleteChapCredentials DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime DescribeSnapshotSchedule DescribeStorediSCSIVolumes DescribeWorkingStorage ListLocalDisks ListVolumes ListVolumeRecoveryPoints ShutdownGateway StartGateway UpdateBandwidthRateLimit Updat...

Page 415: ...Volume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime DescribeSnapshotSchedule DescribeStorediSCSIVolumes DescribeWorkingStorage ListLocalDisks ListVolumes ListVolumeRecoveryPoints ShutdownGateway StartGateway UpdateBandwidth...

Page 416: ...ryPoint CreateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime DescribeSnapshotSchedule DescribeStorediSCSIVolumes DescribeWorkingStorage ListLocalDisks ListVolumes ListVolumeRecoveryPoints ShutdownGateway StartGateway Upda...

Page 417: ...orediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime DescribeSnapshotSchedule DescribeStorediSCSIVolumes DescribeWorkingStorage ListLocalDisks ListGateways ListVolumes ListVolumeRecoveryPoints ShutdownGateway StartG...

Page 418: ...ge Gateway User Guide Operation Error Codes Operation Error Code Message Operations That Return this Error Code UpdateGatewayInformation UpdateGatewaySoftwareNow UpdateSnapshotSchedule API Version 2013 06 30 411 ...

Page 419: ...oint CreateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime DescribeSnapshotSchedule DescribeStorediSCSIVolumes DescribeWorkingStorage ListLocalDisks ListGateways ListVolumes ListVolumeRecoveryPoints ShutdownG...

Page 420: ... limit was exceeded AddCache AddUploadBuﬀer AddWorkingStorage LunInvalid The speciﬁed LUN is invalid CreateStorediSCSIVolume MaximumVolumeCountExceeded The maximum volume count was exceeded CreateCachediSCSIVolume CreateStorediSCSIVolume DescribeCachediSCSIVolumes DescribeStorediSCSIVolumes NetworkConfigurationChanged The gateway network conﬁguration has changed CreateCachediSCSIVolume CreateStore...

Page 421: ...eateStorediSCSIVolume DeleteBandwidthRateLimit DeleteChapCredentials DeleteGateway DeleteVolume DescribeBandwidthRateLimit DescribeCache DescribeCachediSCSIVolumes DescribeChapCredentials DescribeGatewayInformation DescribeMaintenanceStartTime DescribeSnapshotSchedule DescribeStorediSCSIVolumes DescribeWorkingStorage ListLocalDisks ListGateways ListVolumes ListVolumeRecoveryPoints ShutdownGateway ...

Page 422: ...CachediSCSIVolume CreateStorediSCSIVolume StagingAreaFull The staging area is full CreateCachediSCSIVolume CreateStorediSCSIVolume TargetAlreadyExists The speciﬁed target already exists CreateCachediSCSIVolume CreateStorediSCSIVolume TargetInvalid The speciﬁed target is invalid CreateCachediSCSIVolume CreateStorediSCSIVolume DeleteChapCredentials DescribeChapCredentials UpdateChapCredentials Targe...

Page 423: ...olumeAlreadyExists The speciﬁed volume already exists CreateCachediSCSIVolume CreateStorediSCSIVolume VolumeIdInvalid The speciﬁed volume is invalid DeleteVolume VolumeInUse The speciﬁed volume is already in use DeleteVolume VolumeNotFound The speciﬁed volume was not found CreateSnapshot CreateSnapshotFromVolumeRecoveryPoint DeleteVolume DescribeCachediSCSIVolumes DescribeSnapshotSchedule Describe...

Page 424: ...etails In general errors i e not speciﬁc to any API this error information is not shown Type Collection errorCode One of the operation error codes Type String errorDetails This ﬁeld is not used in the current version of the API Type String message One of the operation error code messages Type String Error Response Examples The following JSON body is returned if you use the DescribeStorediSCSIVolum...

Page 425: ...natureException message The request signature we calculated does not match the signature you provided Operations in AWS Storage Gateway For a list of AWS Storage Gateway operations see Actions in the AWS Storage Gateway API Reference API Version 2013 06 30 418 ...

Page 426: ...your virtual tapes that are archived in the GLACIER storage class to the DEEP_ARCHIVE storage class for cost eﬀective and long term data retention For more information see Moving a Tape from Glacier to Deep Archive May 28 2019 SMB ﬁle share support for Microsoft Windows ACLs p 419 For ﬁle gateways you can now use Microsoft Windows ACLs to control access to SMB ﬁle shares For more information see U...

Page 427: ...volumes for cloud backed storage For more information see Backing Up Your Volumes January 16 2019 Support for Bacula Enterprise and IBM Spectrum Protect p 419 Tape gateways now support Bacula Enterprise and IBM Spectrum Protect Storage Gateway also now supports newer versions of Veritas NetBackup Veritas Backup Exec and Quest NetVault backup You can now use these backup applications to back up you...

Page 428: ...d volume or virtual tape Currently you can do this by using the AWS Storage Gateway API For more information see Encrypting Your Data Using AWS Key Management System June 12 2018 Support for NovaStor DataCenter Network p 419 Tape gateways now support NovaStor DataCenter Network You can now use NovaStor DataCenter Network version 6 4 or 7 1 to back up your data to Amazon S3 and archive directly to ...

Page 429: ...ay is now available in the EU Paris Region For detailed information see AWS Regions p 10 December 18 2017 Support for ﬁle upload notiﬁcation and guessing of the MIME type File gateways now enable you to get notiﬁcation when all ﬁles written to your NFS ﬁle share have been uploaded to Amazon S3 For more information see NotifyWhenUploaded in the AWS Storage Gateway API Reference File gateways now en...

Page 430: ...rts the ability to clone a volume from an existing volume For more information see Cloning a Volume p 157 March 16 2017 Support for ﬁle gateways on Amazon EC2 AWS Storage Gateway now provides the ability to deploy a ﬁle gateway in Amazon EC2 You can launch a ﬁle gateway in Amazon EC2 using the Storage Gateway Amazon Machine Image AMI now available as a community AMI For information about how to cr...

Page 431: ...ion AWS Storage Gateway is now available in the US East Ohio Region For detailed information see AWS Regions p 10 October 17 2016 AWS Storage Gateway console redesign The AWS Storage Gateway Management Console has been redesigned to make it easier to conﬁgure manage and monitor your gateways volumes and virtual tapes The user interface now provides views that can be ﬁltered and provides direct lin...

Page 432: ...21 2016 Compatibility with for Dell EMC NetWorker 8 x Tape gateway is now compatible with Dell EMC NetWorker 8 x You can now use Dell EMC NetWorker to back up your data to Amazon S3 and archive directly to oﬄine storage GLACIER or DEEP_ARCHIVE For more information see Testing Your Setup by Using Dell EMC NetWorker p 95 February 29 2016 Support for VMware ESXi Hypervisor version 6 0 and Red Hat Ent...

Page 433: ...te for AWS Storage Gateway has increased to 120 MB a second and the maximum download rate has increased to 20 MB a second The AWS Storage Gateway local console has been updated and enhanced with additional features to help you perform maintenance tasks For more information see Conﬁguring Your Gateway Network p 257 September 16 2015 Support for tagging AWS Storage Gateway now supports resource tagg...

Page 434: ...torage Gateway Console p 228 AWS Storage Gateway now provides an API you can use to list iSCSI initiators connected to your storage volumes For more information see ListVolumeInitiators in the API reference June 3 2015 Support for Microsoft Hyper V hypervisor versions 2012 and 2012 R2 AWS Storage Gateway now supports Microsoft Hyper V hypervisor versions 2012 and 2012 R2 This is in addition to sup...

Page 435: ...oaded to AWS are now recovered when a gateway s cached drive changes For more information see Recovering a Virtual Tape From An Unrecoverable Gateway p 335 December 16 2014 Compatibility with additional backup software and medium changer Tape gateway is now compatible with the following backup software Symantec Backup Exec 2014 Microsoft System Center 2012 R2 Data Protection Manager Veeam Backup R...

Page 436: ...on tasks on AWS Storage Gateway local console AWS Storage Gateway now supports connecting multiple hosts to the same volume if the hosts coordinate access by using Windows Server Failover Clustering WSFC However you can t connect multiple hosts to that same volume without using WSFC AWS Storage Gateway now enables you to manage storage connectivity directly through your ESX host This provides an a...

Page 437: ...tural overview see Tape Gateways p 6 To get started with tape gateway see Creating a Tape Gateway p 75 November 5 2013 Support for Microsoft Hyper V AWS Storage Gateway now provides the ability to deploy an on premises gateway on the Microsoft Hyper V virtualization platform Gateways deployed on Microsoft Hyper V have all the same functionality and features as the existing on premises storage gate...

Page 438: ...e current operations provides new operations to support cached volumes For more information on the two AWS Storage Gateway solutions see How AWS Storage Gateway Works Architecture p 2 You can also try a test setup For instructions see Creating a Tape Gateway p 75 October 29 2012 API and IAM support In this release AWS Storage Gateway introduces API support as well as support for AWS Identity and A...

Search results

Summary of Contents for Storage Gateway

Reviews:

Related manuals for Storage Gateway

Brands by name

Popular brands

AWS Storage Gateway, User Manual

Search results

Summary of Contents for Storage Gateway

Reviews:

Related manuals for Storage Gateway

Brands by name

Popular brands