AWS Storage Gateway


User Guide

API Version 2021-03-31

AWS Storage Gateway: User Guide

Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

What is Amazon FSx File Gateway? ... 1

How FSx File works ... 1

Setting up ... 4

Sign up for Amazon Web Services ... 4

Create an IAM user ... 4

Requirements ... 5

Required prerequisites ... 5

Hardware and storage requirements ... 6

Network and firewall requirements ... 7

Supported hypervisors and host requirements ... 13

Supported SMB clients for a file gateway ... 14

Supported file system operations ... 14

Accessing AWS Storage Gateway ... 14

Supported AWS Regions ... 15

Using the hardware appliance ... 16

Supported AWS Regions ... 17

Setting up your hardware appliance ... 17

Rack-mounting and connecting the hardware appliance to power ... 18

Hardware appliance dimensions ... 18

Configuring network parameters ... 21

Activating your hardware appliance ... 23

Launching a gateway ... 25

Configuring an IP address for the gateway ... 25

Configuring your gateway ... 26

Removing a gateway ... 26

Deleting your hardware appliance ... 27

Getting started ... 28

Step 1: Create an Amazon FSx file system ... 28

Step 2: (Optional) Create a VPC endpoint ... 28

Step 3: Create and activate an FSx File Gateway gateway ... 30

Set up an Amazon FSx File Gateway ... 30

Connect your Amazon FSx File Gateway to AWS ... 31

Review settings and activate your Amazon FSx File Gateway ... 31

Configure your Amazon FSx File Gateway ... 32

Configure Active Directory domain settings ... 34

Attach an Amazon FSx file system ... 35

Mount and use your file share ... 37

Mount your SMB file share on your client ... 37

Test your FSx File ... 38

Activating a gateway in a VPC ... 40

Creating a VPC endpoint for Storage Gateway ... 40

Setting up and configuring an HTTP proxy ... 41

Allowing traffic to required ports in your HTTP proxy ... 43

Managing your Amazon FSx File Gateway resources ... 45

Attaching an Amazon FSx file system ... 45

Configuring Active Directory for FSx File ... 45

Configuring Active Directory settings ... 45

Editing FSx File settings ... 46

Editing Amazon FSx for Windows File Server file system settings ... 46

Detaching an Amazon FSx file system ... 47

Monitoring your file gateway ... 48

Getting file gateway health logs ... 48

Configuring a CloudWatch log group for your gateway ... 49

Using Amazon CloudWatch metrics ... 50

Understanding gateway metrics ... 50

Understanding file system metrics ... 54

Understanding file gateway audit logs ... 55

Maintaining your gateway ... 58

Shutting down your gateway VM ... 58

Managing local disks ... 58

Deciding the amount of local disk storage ... 58

Sizing cache storage ... 59

Configuring cache storage ... 59

Managing Gateway Updates ... 59

Performing Maintenance Tasks on the Local Console ... 60

Performing tasks on the VM local console (file gateway) ... 61

Performing tasks on the EC2 local console (file gateway) ... 70

Accessing the Gateway Local Console ... 74

Configuring Network Adapters for Your Gateway ... 78

Deleting Your Gateway and Removing Resources ... 84

Deleting Your Gateway by Using the Storage Gateway Console ... 84

Removing Resources from a Gateway Deployed On-Premises ... 85

Removing Resources from a Gateway Deployed on an Amazon EC2 Instance ... 85

Performance ... 87

Optimizing Gateway Performance ... 87

Add Resources to Your Gateway ... 87

Add Resources to Your Application Environment ... 88

Using VMware High Availability with Storage Gateway ... 88

Configure Your vSphere VMware HA Cluster ... 89

Download the .ova Image for Your Gateway Type ... 90

Deploy the Gateway ... 90

(Optional) Add Override Options for Other VMs on Your Cluster ... 90

Activate Your Gateway ... 91

Test Your VMware High Availability Configuration ... 91

Security ... 92

Data protection ... 92

Data encryption ... 93

Authentication and access control ... 94

Authentication ... 94

Access control ... 95

Overview of managing access ... 96

Using identity-based policies (IAM policies) ... 99

Using tags to control access to resources ... 105

Storage Gateway API permissions reference ... 107

Using service-linked roles ... 113

Logging and monitoring ... 115

Storage Gateway information in CloudTrail ... 115

Understanding Storage Gateway log file entries ... 116

Compliance validation ... 117

Resilience ... 118

Infrastructure security ... 118

AWS Security Best Practices ... 118

Troubleshooting and best practices ... 120

Troubleshooting: on-premises gateway issues ... 120

Enabling AWS Support to help troubleshoot your gateway ... 122

Troubleshooting: Microsoft Hyper-V setup issues ... 124

Troubleshooting: Amazon EC2 gateway issues ... 126

Gateway activation hasn't occurred after a few moments ... 127

Can't find the EC2 gateway instance in the instance list ... 127

Enabling AWS Support to help troubleshoot the gateway ... 127

Troubleshooting: hardware appliance issues ... 128

How to determine service IP address ... 128

How to perform a factory reset ... 128

How to obtain Dell iDRAC support ... 129

How to find the hardware appliance serial number ... 129

How to get hardware appliance support ... 129

Troubleshooting: file gateway issues ... 130

Error: ObjectMissing ... 130

Error: FileMissing ... 130

Error: InvalidFileState ... 131

Error: FsxFileSystemAuthenticationFailure ... 131

Error: FsxFileSystemConnectionFailure ... 131

Error: FsxFileSystemFull ... 131

Notification: Reboot ... 132

Notification: HardReboot ... 132

Notification: HealthCheckFailure ... 132

Notification: AvailabilityMonitorTest ... 132

Error: RoleTrustRelationshipInvalid ... 132

Troubleshooting with CloudWatch metrics ... 132

High Availability Health Notifications ... 134

Troubleshooting: high availability issues ... 134

Health notifications ... 134

Metrics ... 135

Best practices: recovering data ... 136

Recovering from an unexpected VM shutdown ... 136

Recovering data from a malfunctioning cache disk ... 136

Recovering data from an inaccessible data center ... 136

Best practices: restoring backups/snapshots on your Amazon FSx file system ... 137

Additional Resources ... 138

Host setup ... 138

Configuring VMware for Storage Gateway ... 138

Synchronizing Your Gateway VM Time ... 142

File gateway on EC2 host ... 143

Getting Activation Key ... 145

AWS CLI ... 146

Linux (bash/zsh) ... 146

Microsoft Windows PowerShell ... 146

Using AWS Direct Connect with Storage Gateway ... 147

Connecting to Your Gateway ... 147

Getting an IP Address from an Amazon EC2 Host ... 148

Understanding Resources and Resource IDs ... 148

Working with Resource IDs ... 149

Tagging Your Resources ... 149

Working with tags ... 150

See also ... 151

Open-source components ... 151

Open-source components for Storage Gateway ... 151

Open-source components for Amazon FSx File Gateway ... 151

Quotas ... 152

Quotas for file systems ... 152

Recommended local disk sizes for your gateway ... 152

API Reference ... 153

Required Request Headers ... 153

Signing Requests ... 155

Example Signature Calculation ... 155

Error Responses ... 156

Exceptions ... 157

Operation Error Codes ... 158

Error Responses ... 170

Operations ... 172

Document history ... 173

What is Amazon FSx File Gateway?

Storage Gateway offers file gateway, volume gateway, and tape gateway storage solutions.

Amazon FSx File Gateway (FSx File) is a new file gateway type that provides low latency and efficient access to in-cloud FSx for Windows File Server file shares from your on-premises facility. If you maintain on-premises file storage because of latency or bandwidth requirements, you can instead use FSx File for seamless access to fully managed, highly reliable, and virtually unlimited Windows file shares provided in the AWS Cloud by FSx for Windows File Server.

Benefits of using Amazon FSx File Gateway

FSx File provides the following benefits:

• Helps eliminate on-premises file servers and consolidates all their data in AWS to take advantage of the scale and economics of cloud storage.

• Provides options that you can use for all your file workloads, including those that require on-premises access to cloud data.

• Applications that need to stay on premises can now experience the same low latency and high performance that they have in AWS, without taxing your networks or impacting the latencies experienced by your most demanding applications.

How Amazon FSx File Gateway works

To use Amazon FSx File Gateway (FSx File), you must have at least one Amazon FSx for Windows File Server file system. You must also have on-premises access to FSx for Windows File Server, either through a VPN or through an AWS Direct Connect connection. For more information about using Amazon FSx file systems, see What is Amazon FSx for Windows File Server?

You download and deploy the FSx File VMware virtual appliance or an AWS Storage Gateway Hardware Appliance into your on-premises environment. After deploying your appliance, you activate the FSx File from the Storage Gateway console or through the Storage Gateway API. You can also create an FSx File using an Amazon Elastic Compute Cloud (Amazon EC2) image.

After the Amazon FSx File Gateway is activated and can access FSx for Windows File Server, use the Storage Gateway console to join it to your Microsoft Active Directory domain. After the gateway successfully joins a domain, you use the Storage Gateway console to attach the gateway to an existing FSx for Windows File Server. FSx for Windows File Server makes all the shares on the server available as shares on your Amazon FSx File Gateway. You can then use a client to browse and connect to the file shares on FSx File that correspond to the selected FSx File.

When the file shares are connected, you can read and write your files locally, while benefiting from all the features available on FSx for Windows File Server. FSx File maps local file shares and their contents to file shares stored remotely in FSx for Windows File Server. There is a 1:1 correspondence between the remote and locally visible files and their shares.

The following diagram provides an overview of file storage deployment for Storage Gateway.

Note the following in the diagram:

AWS Direct Connect or a VPN is needed to allow the FSx File to access the Amazon FSx file share using SMB and to allow the FSx for Windows File Server to join your on-premises Active Directory domain.

Amazon Virtual Private Cloud (Amazon VPC) is needed to connect to the FSx for Windows File Server service VPC and the Storage Gateway service VPC using private endpoints. The FSx File can also connect to the public endpoints.

You can use Amazon FSx File Gateway in all AWS Regions where FSx for Windows File Server is available.

Setting up for Amazon FSx File Gateway

This section provides instructions for getting started with Amazon FSx File Gateway. To get started, you first sign up for AWS. If you are a first-time user, we recommend that you read the Regions and Requirements sections.

Topics

• Sign up for Amazon Web Services (p. 4)

• Create an IAM user (p. 4)

• File gateway setup requirements (p. 5)

• Accessing AWS Storage Gateway (p. 14)

• Supported AWS Regions (p. 15)

Sign up for Amazon Web Services

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account

1. Open https://portal.aws.amazon.com/billing/signup.

2. Follow the online instructions.

Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

Create an IAM user

After you create your AWS account, use the following steps to create an AWS Identity and Access Management (IAM) user for yourself. Then you add that user to a group that has administrative permissions.

To create an administrator user for yourself and add the user to an administrators group (console)

1. Sign in to the IAM console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.

Note

We strongly recommend that you adhere to the best practice of using the Administrator IAM user that follows and securely lock away the root user credentials. Sign in as the root user only to perform a few account and service management tasks.

2. In the navigation pane, choose Users and then choose Add user.

3. For User name, enter Administrator.

4. Select the check box next to AWS Management Console access. Then select Custom password, and then enter your new password in the text box.

5. (Optional) By default, AWS requires the new user to create a new password when first signing in. You can clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.

6. Choose Next: Permissions.

7. Under Set permissions, choose Add user to group.

8. Choose Create group.

9. In the Create group dialog box, for Group name enter Administrators.

10. Choose Filter policies, and then select AWS managed - job function to filter the table contents.

11. In the policy list, select the check box for AdministratorAccess. Then choose Create group.

Note

You must activate IAM user and role access to Billing before you can use the AdministratorAccess permissions to access the AWS Billing and Cost Management console. To do this, follow the instructions in step 1 of the tutorial about delegating access to the billing console.

12. Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.

13. Choose Next: Tags.

14. (Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM entities in the IAM User Guide.

15. Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.

You can use this same process to create more groups and users and to give your users access to your AWS account resources. To learn about using policies that restrict user permissions to specific AWS resources, see Access management and Example policies.

File gateway setup requirements

Unless otherwise noted, the following requirements are common to all file gateway types in AWS Storage Gateway. Your setup must meet the requirements in this section. Review the requirements that apply to your gateway setup before you deploy your gateway.

Topics

• Required prerequisites (p. 5)

• Hardware and storage requirements (p. 6)

• Network and firewall requirements (p. 7)

• Supported hypervisors and host requirements (p. 13)

• Supported SMB clients for a file gateway (p. 14)

• Supported file system operations for a file gateway (p. 14)

Required prerequisites

Before you use an Amazon FSx File Gateway (FSx File Gateway), you must meet the following requirements:

• Create and configure an FSx for Windows File Server file system. For instructions, see Step 1: Create Your File System in the Amazon FSx for Windows File Server User Guide.

• Configure Microsoft Active Directory (AD).

• Ensure that there is sufficient network bandwidth between the gateway and AWS. A minimum of 100 Mbps is required to successfully download, activate, and update the gateway.

• Configure your private networking, VPN, or AWS Direct Connect between your Amazon Virtual Private Cloud (Amazon VPC) and the on-premises environment where you are deploying your gateway.

• Make sure your gateway can resolve the name of your Active Directory Domain Controller. You can use DHCP in your Active Directory domain to handle resolution, or specify a DNS server manually from the Network Configuration settings menu in the gateway local console.

Hardware and storage requirements

The following sections provide information about the minimum required hardware and settings for your gateway, and the minimum amount of disk space to allocate for the required storage.

Hardware requirements for on-premises VMs

When deploying your gateway on-premises, ensure that the underlying hardware on which you deploy the gateway virtual machine (VM) can dedicate the following minimum resources:

• Four virtual processors assigned to the VM

• 16 GiB of reserved RAM for file gateways

• 80 GiB of disk space for installation of VM image and system data

Requirements for Amazon EC2 instance types

When deploying your gateway on Amazon Elastic Compute Cloud (Amazon EC2), the instance size must be at least xlarge for your gateway to function. However, for the compute-optimized instance family the size must be at least 2xlarge. Use one of the following instance types recommended for your gateway type.

Recommended for file gateway types

• General-purpose instance family – m4 or m5 instance type.

• Compute-optimized instance family – c4 or c5 instance types. Choose the 2xlarge instance size or higher to meet the required RAM requirements.

• Memory-optimized instance family – r3 instance types.

• Storage-optimized instance family – i3 instance types.

Note

When you launch your gateway in Amazon EC2 and the instance type you choose supports ephemeral storage, the disks are listed automatically. For more information about Amazon EC2 instance storage, see Instance storage in the Amazon EC2 User Guide.

Storage requirements

In addition to 80 GiB of disk space for the VM, you also need additional disks for your gateway.

| Gateway type | Cache (minimum) | Cache (maximum) |
| --- | --- | --- |
| File gateway | 150 GiB | 64 TiB |

Note

You can configure one or more local drives for your cache, up to the maximum capacity.

When adding cache to an existing gateway, it's important to create new disks in your host (hypervisor or Amazon EC2 instance). Don't change the size of existing disks if the disks have been previously allocated as a cache.

Network and firewall requirements

Your gateway requires access to the internet, local networks, Domain Name Service (DNS) servers, firewalls, routers, and so on.

Network bandwidth requirements vary based on the quantity of data that is uploaded and downloaded by the gateway. A minimum of 100 Mbps is required to successfully download, activate, and update the gateway. Your data transfer patterns will determine the bandwidth necessary to support your workload.

Following, you can find information about required ports and how to allow access through firewalls and routers.

Note

In some cases, you might deploy your gateway on Amazon EC2 or use other types of deployment (including on-premises) with network security policies that restrict AWS IP address ranges. In these cases, your gateway might experience service connectivity issues when the AWS IP range values change. The AWS IP address range values that you need to use are in the Amazon service subset for the AWS Region that you activate your gateway in. For the current IP range values, see AWS IP address ranges in the AWS General Reference.

Topics

• Port requirements (p. 7)

• Networking and firewall requirements for the Storage Gateway Hardware Appliance (p. 11)

• Allowing AWS Storage Gateway access through firewalls and routers (p. 12)

• Configuring security groups for your Amazon EC2 gateway instance (p. 13)

Port requirements

Common ports for all gateway types

The following ports are common to all gateway types and are required by all gateway types.

| Protocol | Port | Direction | Source | Destination | How used |
| --- | --- | --- | --- | --- | --- |
| TCP | 443 (HTTPS) | Outbound | Storage Gateway | AWS | For communication from Storage Gateway to the AWS service endpoint. For information about service endpoints, see Allowing AWS Storage Gateway access through firewalls and routers (p. 12). |
| TCP | 80 (HTTP) | Inbound | The host from which you connect to the AWS Management Console. | Storage Gateway | By local systems to obtain the storage gateway activation key. Port 80 is only used during activation of the Storage Gateway appliance. Storage Gateway does not require port 80 to be publicly accessible. The required level of access to port 80 depends on your network configuration. If you activate your gateway from the Storage Gateway console, the host from which you connect to the console must have access to your gateway’s port 80. |
| UDP/UDP | 53 (DNS) | Outbound | Storage Gateway | DNS server | For communication between Storage Gateway and the DNS server. |
| TCP | 22 (Support channel) | Outbound | Storage Gateway | AWS Support | Allows AWS Support to access your gateway to help you with troubleshooting gateway issues. You don't need this port open for the normal operation of your gateway, but it is required for troubleshooting. |
| UDP | 123 (NTP) | Outbound | NTP client | NTP server | Used by local systems to synchronize VM time to the host time. |

Ports for file gateways

For FSx File Gateway, you must use Microsoft Active Directory to allow domain users to access a Server Message Block (SMB) file share. You can join your file gateway to any valid Microsoft Windows domain (resolvable by DNS).

You can also use the AWS Directory Service to create an AWS Managed Microsoft AD in the Amazon Web Services Cloud. For most AWS Managed Microsoft AD deployments, you need to configure the Dynamic Host Configuration Protocol (DHCP) service for your VPC. For information about creating a DHCP options set, see Create a DHCP options set in the AWS Directory Service Administration Guide.

FSx File Gateway requires the following ports.

| Protocol | Port | Direction | Source | Destination | How used |
| --- | --- | --- | --- | --- | --- |
| UDP NetBIOS | 137 | Inbound and outbound | | Microsoft Active Directory | For connecting to Microsoft Active Directory. |
| UDP NetBIOS | 138 | Inbound and outbound | | | For Datagram service |
| TCP LDAP | 389 | Inbound and outbound | | | For Directory System Agent (DSA) client connection |
| TCP v2/v3 data | 445 | Outbound | | | Storage data transfer between file gateway and FSx for Windows File Server |
| TCP (HTTPS) | 443 | Outbound | | Storage Gateway service endpoints | Management control – Used for communication from a Storage Gateway VM to an AWS service endpoint |
| TCP HTTPS | 443 | Outbound | | Amazon CloudFront | For gateway activation |
| TCP | 443 | Outbound | | VPC endpoint usage | Management control – Used for communication from a Storage Gateway VM to an AWS service endpoint. |
| TCP | 1026 | Outbound | | | Used for control traffic |
| TCP | 1027 | Outbound | | | Used only during activation and can then be closed |
| TCP | 1028 | Outbound | | | Used for control traffic |
| TCP | 1031 | Outbound | | | Used only for software updates for file gateways |
| TCP | 2222 | Outbound | | | Used to open a support channel to the gateway when using VPC endpoints |
| TCP (HTTPS) | 8080 | Inbound | | | Required briefly for activation of a hardware appliance |

Networking and firewall requirements for the Storage Gateway Hardware Appliance

Each Storage Gateway Hardware Appliance requires the following network services:

Internet access – an always-on network connection to the internet through any network interface on the server.

DNS services – DNS services for communication between the hardware appliance and DNS server.

Time synchronization – an automatically configured Amazon NTP time service must be reachable.

IP address – A DHCP or static IPv4 address assigned. You cannot assign an IPv6 address.

There are five physical network ports at the rear of the Dell PowerEdge R640 server. From left to right (facing the back of the server) these ports are as follows:

1. iDRAC

2. em1

3. em2

4. em3

5. em4

You can use the iDRAC port for remote server management.

A hardware appliance requires the following ports to operate.

| Protocol | Port | Direction | Source | Destination | How used |
| --- | --- | --- | --- | --- | --- |
| SSH | 22 | Outbound | Hardware appliance | 54.201.223.107 | Support channel |
| DNS | 53 | Outbound | Hardware appliance | DNS servers | Name resolution |
| UDP/NTP | 123 | Outbound | Hardware appliance | *.amazon.pool.ntp.org | Time synchronization |
| HTTPS | 443 | Outbound | Hardware appliance | *.amazonaws.com | Data transfer |
| HTTP | 8080 | Inbound | AWS | Hardware appliance | Activation (only briefly) |

To perform as designed, a hardware appliance requires network and firewall settings as follows:

• Configure all connected network interfaces in the hardware console.

• Make sure that each network interface is on a unique subnet.

• Provide all connected network interfaces with outbound access to the endpoints listed in the diagram preceding.

• Configure at least one network interface to support the hardware appliance. For more information, see Configuring network parameters (p. 21).

Note

For an illustration showing the back of the server with its ports, see Rack-mounting your hardware appliance and connecting it to power (p. 18).

All IP addresses on the same network interface (NIC), whether for a gateway or a host, must be on the same subnet. The following illustration shows the addressing scheme.

For more information about activating and configuring a hardware appliance, see Using the Storage Gateway Hardware Appliance (p. 16).

Allowing AWS Storage Gateway access through firewalls and routers

Your gateway requires access to the following service endpoints to communicate with AWS. If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to AWS.

Important

Depending on your gateway's AWS Region, replace region in the service endpoint with the correct Region string.

The following service endpoint is required by all gateways for head-bucket operations.

s3.amazonaws.com:443

The following service endpoints are required by all gateways for control path (anon-cp, client-cp, proxy-app) and data path (dp-1) operations.

anon-cp.storagegateway.region.amazonaws.com:443

client-cp.storagegateway.region.amazonaws.com:443

proxy-app.storagegateway.region.amazonaws.com:443

dp-1.storagegateway.region.amazonaws.com:443

The following gateway service endpoint is required to make API calls.

storagegateway.region.amazonaws.com:443

The following example is a gateway service endpoint in the US West (Oregon) Region (us-west-2).

storagegateway.us-west-2.amazonaws.com:443

The Amazon CloudFront endpoint following is required for Storage Gateway to get the list of available AWS Regions.

https://d4kdq0yaxexbo.cloudfront.net/

A Storage Gateway VM is configured to use the following NTP servers.

0.amazon.pool.ntp.org

1.amazon.pool.ntp.org

2.amazon.pool.ntp.org

3.amazon.pool.ntp.org

• Storage Gateway—For supported AWS Regions and a list of AWS service endpoints that you can use with Storage Gateway, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.

• Storage Gateway Hardware Appliance—For supported AWS Regions that you can use with the hardware appliance, see Storage Gateway hardware appliance Regions in the AWS General Reference.
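The following added example (not part of the AWS guide) checks a firewall egress allowlist against the service endpoints, CloudFront endpoint, and NTP servers listed above for one Region. The allowlist line format `<proto> <host-pattern>:<port>`, the function names, and the sample rules are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Endpoints copied from the guide; "{region}" stands for its "region" placeholder.
REQUIRED = [
    ("tcp", "s3.amazonaws.com", 443),
    ("tcp", "anon-cp.storagegateway.{region}.amazonaws.com", 443),
    ("tcp", "client-cp.storagegateway.{region}.amazonaws.com", 443),
    ("tcp", "proxy-app.storagegateway.{region}.amazonaws.com", 443),
    ("tcp", "dp-1.storagegateway.{region}.amazonaws.com", 443),
    ("tcp", "storagegateway.{region}.amazonaws.com", 443),
    ("tcp", "d4kdq0yaxexbo.cloudfront.net", 443),
] + [("udp", f"{n}.amazon.pool.ntp.org", 123) for n in range(4)]

# Constructed sample firewall export (hypothetical format, not a vendor syntax).
SAMPLE_ALLOWLIST = """
# egress rules for the gateway subnet
tcp s3.amazonaws.com:443
tcp *.storagegateway.us-west-2.amazonaws.com:443
tcp d4kdq0yaxexbo.cloudfront.net:80
udp *.amazon.pool.ntp.org:123
"""


def required_endpoints(region):
    """Expand the guide's endpoint templates for one Region string."""
    return [(proto, host.format(region=region), port)
            for proto, host, port in REQUIRED]


def parse_allowlist(text):
    """Parse '<proto> <host-pattern>:<port>' lines; '#' starts a comment."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            proto, hostport = line.split()
            pattern, port = hostport.rsplit(":", 1)
            rules.append((proto.lower(), pattern.lower(), int(port)))
        except ValueError:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}") from None
    return rules


def missing_egress(region, allowlist_text):
    """Return the required (proto, host, port) tuples no rule allows."""
    rules = parse_allowlist(allowlist_text)
    return [
        (proto, host, port)
        for proto, host, port in required_endpoints(region)
        if not any(rp == proto and rport == port and fnmatchcase(host, pat)
                   for rp, pat, rport in rules)
    ]


if __name__ == "__main__":
    for proto, host, port in missing_egress("us-west-2", SAMPLE_ALLOWLIST):
        print(f"not allowed: {proto} {host}:{port}")
```

In the sample, the wildcard rule covers the four control path and data path endpoints but not the API endpoint `storagegateway.us-west-2.amazonaws.com`, which has no label in front of `storagegateway`, and the CloudFront rule is on the wrong port.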

Configuring security groups for your Amazon EC2 gateway instance

In AWS Storage Gateway, a security group controls traffic to your Amazon EC2 gateway instance. When you configure a security group, we recommend the following:

• The security group should not allow incoming connections from the outside internet. It should allow only instances within the gateway security group to communicate with the gateway.

If you need to allow instances to connect to the gateway from outside its security group, we recommend that you allow connections only on port 80 (for activation).

• If you want to activate your gateway from an Amazon EC2 host outside the gateway security group, allow incoming connections on port 80 from the IP address of that host. If you cannot determine the activating host's IP address, you can open port 80, activate your gateway, and then close access on port 80 after completing activation.

• Allow port 22 access only if you are using AWS Support for troubleshooting purposes. For more information, see You want AWS Support to help troubleshoot your EC2 gateway (p. 127).
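The recommendations above can be checked mechanically. This added example (not from the AWS guide) audits one security group, given as a dict shaped like an element of `SecurityGroups` in `aws ec2 describe-security-groups` output; the function names, severity labels, and the sample group with its IDs and addresses are constructed for illustration.

```python
import ipaddress

ACTIVATION_PORT = 80  # per the guide: needed only while activating the gateway
SUPPORT_PORT = 22     # per the guide: only while AWS Support is troubleshooting
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample; group IDs and addresses are placeholders.
SAMPLE_GROUP = {
    "GroupId": "sg-0aaa1111example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111example"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "-1",
         "UserIdGroupPairs": [{"GroupId": "sg-0bbb2222example"}]},
    ],
}


def _port_range(rule):
    """Return (low, high); IpProtocol "-1" means all traffic on every port."""
    if rule.get("IpProtocol") == "-1":
        return (0, 65535)
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def _outside_sources(rule, own_group_id):
    """Yield every source that is not the gateway's own security group."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]
    for pair in rule.get("UserIdGroupPairs", []):
        if pair.get("GroupId") != own_group_id:
            yield pair["GroupId"]


def _is_activation_host(src, trusted):
    """True if src is a CIDR that falls inside a named activation host range."""
    try:
        net = ipaddress.ip_network(src)
    except ValueError:  # a security group ID, not a CIDR
        return False
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)


def audit_gateway_security_group(group, activation_hosts=()):
    """Return sorted (severity, source, ports, reason) findings for one group."""
    trusted = [ipaddress.ip_network(h) for h in activation_hosts]
    findings = []
    for rule in group.get("IpPermissions", []):
        low, high = _port_range(rule)
        ports = str(low) if low == high else f"{low}-{high}"
        only_80 = (low, high) == (ACTIVATION_PORT, ACTIVATION_PORT)
        only_22 = (low, high) == (SUPPORT_PORT, SUPPORT_PORT)
        for src in _outside_sources(rule, group["GroupId"]):
            if src in ANYWHERE and only_80:
                reason = "port 80 open to the internet; close it after activation"
                findings.append(("HIGH", src, ports, reason))
            elif src in ANYWHERE:
                reason = "incoming connections from the outside internet"
                findings.append(("HIGH", src, ports, reason))
            elif only_80 and _is_activation_host(src, trusted):
                continue  # named activation host on port 80, as recommended
            elif only_80:
                reason = "port 80 from a source not named as the activating host"
                findings.append(("MEDIUM", src, ports, reason))
            elif only_22:
                reason = "port 22: keep only while AWS Support is troubleshooting"
                findings.append(("REVIEW", src, ports, reason))
            else:
                reason = "source outside the gateway group on a port other than 80"
                findings.append(("MEDIUM", src, ports, reason))
    return sorted(findings)


if __name__ == "__main__":
    hosts = ["203.0.113.10/32"]
    for finding in audit_gateway_security_group(SAMPLE_GROUP, hosts):
        print(*finding, sep=" | ")
```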

Supported hypervisors and host requirements

You can run Storage Gateway on-premises as either a virtual machine (VM) appliance or a physical hardware appliance, or in AWS as an Amazon EC2 instance.

Storage Gateway supports the following hypervisor versions and hosts:

• VMware ESXi Hypervisor (version 6.0, 6.5 or 6.7) – A free version of VMware is available on the VMware website. For this setup, you also need a VMware vSphere client to connect to the host.

• Microsoft Hyper-V Hypervisor (version 2012 R2 or 2016) – A free, standalone version of Hyper-V is available at the Microsoft Download Center. For this setup, you need a Microsoft Hyper-V Manager on a Microsoft Windows client computer to connect to the host.

• Linux Kernel-based Virtual Machine (KVM) – A free, open-source virtualization technology. KVM is included in all versions of Linux version 2.6.20 and newer. Storage Gateway is tested and supported for the CentOS/RHEL 7.7, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS distributions. Any other modern Linux distribution may work, but function or performance is not guaranteed. We recommend this option if you already have a KVM environment up and running and you are already familiar with how KVM works.

• Amazon EC2 instance – Storage Gateway provides an Amazon Machine Image (AMI) that contains the gateway VM image. For information about how to deploy a gateway on Amazon EC2, see Deploying a file gateway on an Amazon EC2 host (p. 143).

• Storage Gateway Hardware Appliance – Storage Gateway provides a physical hardware appliance as an on-premises deployment option for locations with limited virtual machine infrastructure.

Note

Storage Gateway doesn’t support recovering a gateway from a VM that was created from a snapshot or clone of another gateway VM or from your Amazon EC2 AMI. If your gateway VM malfunctions, activate a new gateway and recover your data to that gateway. For more information, see Recovering from an unexpected virtual machine shutdown (p. 136).

Storage Gateway doesn’t support dynamic memory and virtual memory ballooning.

Supported SMB clients for a file gateway

File gateways support the following Server Message Block (SMB) clients:

• Microsoft Windows Server 2008 and later

• Windows desktop versions: 10, 8, and 7.

• Windows Terminal Server running on Windows Server 2008 and later

Note

Server Message Block encryption requires clients that support SMB v2.1.

Supported file system operations for a file gateway

Your SMB client can write, read, delete, and truncate files. When clients send writes to Storage Gateway, it writes to local cache synchronously. Then it writes to Amazon FSx asynchronously through optimized transfers. Reads are first served through the local cache. If data is not available, it's fetched through Amazon FSx as a read-through cache.

Writes and reads are optimized in that only the parts that are changed or requested are transferred through your gateway. Deletes remove files from Amazon FSx.

Accessing AWS Storage Gateway

You can use the AWS Storage Gateway console to perform various gateway configuration and management tasks. The Getting Started section and various other sections of this guide use the console to illustrate gateway functionality.

Additionally, you can use the AWS Storage Gateway API to programmatically configure and manage your gateways. For more information about the API, see API Reference for Storage Gateway (p. 153).

You can also use the AWS SDKs to develop applications that interact with Storage Gateway. The AWS SDKs for Java, .NET, and PHP wrap the underlying Storage Gateway API to simplify your programming tasks. For information about downloading the SDK libraries, see the AWS Developer Center.


For information about pricing, see AWS Storage Gateway pricing.

Supported AWS Regions

Amazon FSx File Gateway stores file data in the AWS Region where your Amazon FSx file system is located. Before you start deploying your gateway, choose a Region in the upper-right corner of the Storage Gateway console.

• Amazon FSx File Gateway — For supported AWS Regions and a list of AWS service endpoints that you can use with Amazon FSx File Gateway, see Amazon FSx File Gateway endpoints and quotas in the AWS General Reference.

• Storage Gateway — For supported AWS Regions and a list of AWS service endpoints that you can use with Storage Gateway, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.

• Storage Gateway Hardware Appliance — For supported Regions that you can use with the hardware appliance, see AWS Storage Gateway Hardware Appliance Regions in the AWS General Reference.


Using the Storage Gateway Hardware Appliance

The Storage Gateway Hardware Appliance is a physical hardware appliance with the Storage Gateway software preinstalled on a validated server configuration. You can manage your hardware appliance from the Hardware page on the AWS Storage Gateway console.

The hardware appliance is a high-performance 1U server that you can deploy in your data center, or on-premises inside your corporate firewall. When you buy and activate your hardware appliance, the activation process associates your hardware appliance with your AWS account. After activation, your hardware appliance appears in the console as a gateway on the Hardware page. You can configure your hardware appliance as a file gateway, tape gateway, or volume gateway type. The procedure that you use to deploy and activate these gateway types on a hardware appliance is the same as on a virtual platform.

The Storage Gateway Hardware Appliance can be ordered directly from the AWS Storage Gateway console.

To order a hardware appliance

1. Open the Storage Gateway console at https://console.aws.amazon.com/storagegateway/home and choose the AWS Region that you want your appliance in.

2. Choose Hardware from the navigation pane.

3. Choose Order appliance, and then choose Proceed. You are redirected to the AWS Elemental Appliances and Software Management Console to request a sales quote.

4. Fill out the necessary information and choose Submit.

Once the information has been reviewed, a sales quote is generated and you are able to proceed with the ordering process and submit a Purchase Order, or arrange for pre-payment.

To view a sales quote or order history for the hardware appliance

1. Open the Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.

2. Choose Hardware from the navigation pane.

3. Choose Quotes and orders, and then choose Proceed. You are redirected to the AWS Elemental Appliances and Software Management Console to review sales quotes and order history.

In the sections that follow, you can find instructions about how to set up, configure, activate, launch, and use a Storage Gateway Hardware Appliance.

Topics

• Supported AWS Regions (p. 17)

• Setting up your hardware appliance (p. 17)

• Rack-mounting your hardware appliance and connecting it to power (p. 18)

• Configuring network parameters (p. 21)


• Activating your hardware appliance (p. 23)

• Launching a gateway (p. 25)

• Configuring an IP address for the gateway (p. 25)

• Configuring your gateway (p. 26)

• Removing a gateway from the hardware appliance (p. 26)

• Deleting your hardware appliance (p. 27)

Supported AWS Regions

Storage Gateway Hardware Appliance is available for shipping worldwide where it is legally allowed and permitted for exporting by the US government. For information about supported AWS Regions, see Storage Gateway Hardware Appliance Regions in the AWS General Reference.

Setting up your hardware appliance

After you receive your Storage Gateway Hardware Appliance, you use the hardware appliance console to configure networking to provide an always-on connection to AWS and activate your appliance. Activation associates your appliance with the AWS account that is used during the activation process. After the appliance is activated, you can launch a file, volume, or tape gateway from the Storage Gateway console.

To install and configure your hardware appliance

1. Rack-mount the appliance, and plug in power and network connections. For more information, see Rack-mounting your hardware appliance and connecting it to power (p. 18).

2. Set the Internet Protocol version 4 (IPv4) addresses for both the hardware appliance (the host) and Storage Gateway (the service). For more information, see Configuring network parameters (p. 21).

3. Activate the hardware appliance on the console Hardware page in the AWS Region of your choice. For more information, see Activating your hardware appliance (p. 23).

4. Install the Storage Gateway on your hardware appliance. For more information, see Configuring your gateway (p. 26).

You set up gateways on your hardware appliance the same way that you set up gateways on VMware ESXi, Microsoft Hyper-V, Linux Kernel-based Virtual Machine (KVM), or Amazon EC2.

Increasing the usable cache storage

You can increase the usable storage on the hardware appliance from 5 TB to 12 TB. Doing this provides a larger cache for low latency access to data in AWS. If you ordered the 5 TB model, you can increase the usable storage to 12 TB by buying five 1.92 TB SSDs (solid state drives), which are available for ordering on the console Hardware page. You can order the additional SSDs by following the same ordering process as ordering a hardware appliance and requesting a sales quote from the Storage Gateway console.

You can then add them to the hardware appliance before you activate it. If you have already activated the hardware appliance and want to increase the usable storage on the appliance to 12 TB, do the following:

1. Reset the hardware appliance to its factory settings. Contact AWS Support for instructions on how to do this.

2. Add five 1.92 TB SSDs to the appliance.

Network interface card options

Depending on the model of appliance you ordered, it may come with a 10G-Base-T copper network card or a 10G DA/SFP+ network card.

• 10G-Base-T NIC configuration:

• Use CAT6 cables for 10G or CAT5(e) for 1G

• 10G DA/SFP+ NIC configuration:

• Use Twinax copper Direct Attach Cables up to 5 meters

• Dell/Intel compatible SFP+ optical modules (SR or LR)

• SFP/SFP+ copper transceiver for 1G-Base-T or 10G-Base-T

Rack-mounting your hardware appliance and connecting it to power

After you unbox your Storage Gateway Hardware Appliance, follow the instructions contained in the box to rack-mount the server. Your appliance has a 1U form factor and fits in a standard International Electrotechnical Commission (IEC) compliant 19-inch rack.

To install your hardware appliance, you need the following components:

• Power cables: one required, two recommended.

• Supported network cabling (depending on which Network Interface Card (NIC) is included in the hardware appliance). Twinax Copper DAC, SFP+ optical module (Intel compatible) or SFP to Base-T copper transceiver.

• Keyboard and monitor, or a keyboard, video, and mouse (KVM) switch solution.

Hardware appliance dimensions


To connect the hardware appliance to power

Note

Before you perform the following procedure, make sure that you meet all of the requirements for the Storage Gateway Hardware Appliance as described in Networking and firewall requirements for the Storage Gateway Hardware Appliance (p. 11).

1. Plug in a power connection to each of the two power supplies. It's possible to plug in to only one power connection, but we recommend power connections to both power supplies.


In the following image, you can see the hardware appliance with the different connections.

2. Plug an Ethernet cable into the em1 port to provide an always-on internet connection. The em1 port is the first of the four physical network ports on the rear, from left to right.

Note

The hardware appliance doesn't support VLAN trunking. Set up the switch port to which you are connecting the hardware appliance as a non-trunked VLAN port.

3. Plug in the keyboard and monitor.

4. Power on the server by pressing the Power button on the front panel, as shown in the following image.

After the server boots up, the hardware console appears on the monitor. The hardware console presents a user interface specific to AWS that you can use to configure initial network parameters. You configure these parameters to connect the appliance to AWS and open up a support channel for troubleshooting by AWS Support.

To work with the hardware console, enter text from the keyboard and use the Up, Down, Right, and Left Arrow keys to move about the screen in the indicated direction. Use the Tab key to move forward in order through items on-screen. On some setups, you can use the Shift+Tab keystroke to move sequentially backward. Use the Enter key to save selections, or to choose a button on the screen.

To set a password for the first time

1. For Set Password, enter a password, and then press Down arrow.

2. For Confirm, re-enter your password, and then choose Save Password.


At this point, you are in the hardware console, shown following.

Next step

Configuring network parameters (p. 21)

Configuring network parameters

After the server boots up, you can enter your first password in the hardware console as described in Rack-mounting your hardware appliance and connecting it to power (p. 18).

Next, on the hardware console take the following steps to configure network parameters so your hardware appliance can connect to AWS.


To set a network address

1. Choose Configure Network and press the Enter key. The Configure Network screen shown following appears.

2. For IP Address, enter a valid IPv4 address from one of the following sources:

• Use the IPv4 address assigned by your Dynamic Host Configuration Protocol (DHCP) server to your physical network port.

If you do so, note this IPv4 address for later use in the activation step.

• Assign a static IPv4 address. To do so, choose Static in the em1 section and press Enter to view the Configure Static IP screen shown following.

The em1 section is at the upper left in the group of port settings.

After you have entered a valid IPv4 address, press the Down arrow or Tab.

Note

If you configure any other interface, it must provide the same always-on connection to the AWS endpoints listed in the requirements.


3. For Subnet, enter a valid subnet mask, and then press Down arrow.

4. For Gateway, enter your network gateway’s IPv4 address, and then press Down arrow.

5. For DNS1, enter the IPv4 address for your Domain Name Service (DNS) server, and then press Down arrow.

6. (Optional) For DNS2, enter a second IPv4 address, and then press Down arrow. A second DNS server assignment would provide additional redundancy should the first DNS server become unavailable.

7. Choose Save and then press Enter to save your static IPv4 address setting for the appliance.

To log out of the hardware console

1. Choose Back to return to the Main screen.

2. Choose Logout to return to the Login screen.

Next step

Activating your hardware appliance (p. 23)

Activating your hardware appliance

After configuring your IP address, you enter this IP address in the console on the Hardware page, as described following. The activation process validates that your hardware appliance has the appropriate security credentials and registers the appliance to your AWS account.

You can choose to activate your hardware appliance in any of the supported AWS Regions. For a list of supported AWS Regions, see Storage Gateway Hardware Appliance Regions in the AWS General Reference.

To activate your appliance for the first time or in an AWS Region where you have no gateways deployed

1. Sign in to the AWS Management Console and open the Storage Gateway console at AWS Storage Gateway Management Console with the account credentials to use to activate your hardware.


If this is your first gateway in an AWS Region, you see a splash screen. After you create a gateway in this AWS Region, the screen no longer displays.

Note

For activation only, the following must be true:

• Your browser must be on the same network as your hardware appliance.

• Your firewall must allow HTTP access on port 8080 to the appliance for inbound traffic.

2. Choose Get started to view the Create gateway wizard, and then choose Hardware Appliance on the Select host platform page, as shown following.

3. Choose Next to view the Connect to hardware screen shown following.

4. For IP Address in the Connect to hardware appliance section, enter the IPv4 address of your appliance, and then choose Connect to go to the Activate Hardware screen shown following.

5. For Hardware name, enter a name for your appliance. Names can be up to 255 characters long and can't include a slash character.

6. For Hardware time zone, enter your local settings.

The time zone controls when hardware updates take place, with 2 a.m. local time used as the time for updates.

Note

We recommend setting the time zone for your appliance as this determines a standard update time that is out of the usual working day window.

7. (Optional) Keep the RAID Volume Manager set to ZFS.

ZFS is used as the RAID volume manager on the hardware appliance to provide better performance and data protection. ZFS is a software-based, open-source file system and logical volume manager.

The hardware appliance is specifically tuned for ZFS RAID. For more information on ZFS RAID, see the ZFS Wikipedia page.

8. Choose Next to finish activation.

A console banner appears on the Hardware page indicating that the hardware appliance has been successfully activated, as shown following.

At this point, the appliance is associated with your account. The next step is to launch a file, tape, or cached volume gateway on your appliance.

Next step

Launching a gateway (p. 25)


Launching a gateway

You can launch any of the three storage gateways on the appliance—file gateway, volume gateway (cached), or tape gateway.

To launch a gateway on your hardware appliance

1. Sign in to the AWS Management Console and open the Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.

2. Choose Hardware.

3. For Actions, choose Launch Gateway.

4. For Gateway Type, choose File Gateway, Tape Gateway, or Volume Gateway (Cached).

5. For Gateway name, enter a name for your gateway. Names can be up to 255 characters long and can't include a slash character.

6. Choose Launch gateway.

The Storage Gateway software for your chosen gateway type installs on the appliance. It can take up to 5–10 minutes for a gateway to show up as online in the console.

To assign a static IP address to your installed gateway, you next configure the gateway's network interfaces so your applications can use it.

Next step

Configuring an IP address for the gateway (p. 25)

Configuring an IP address for the gateway

Before you activated your hardware appliance, you assigned an IP address to its physical network interface. Now that you have activated the appliance and launched your Storage Gateway on it, you need to assign another IP address to the Storage Gateway virtual machine that runs on the hardware appliance. To assign a static IP address to a gateway installed on your hardware appliance, configure the IP address from the local console for that gateway. Your applications (such as your NFS or SMB client, your iSCSI initiator, and so on) connect to this IP address. You can access the gateway local console from the hardware appliance console.

To configure an IP address on your appliance to work with applications

1. On the hardware console, choose Open Service Console to open a login screen for the gateway local console.

2. Enter the localhost login password, and then press Enter.

The default account is admin and the default password is password.

3. Change the default password. Choose Actions then Set Local Password and enter your new credentials in the Set Local Password dialog box.

4. (Optional) Configure your proxy settings. See Rack-mounting your hardware appliance and connecting it to power (p. 18) for instructions.

5. Navigate to the Network Settings page of the gateway local console as shown following.


6. Type 2 to go to the Network Configuration page shown following.

7. Configure a static or DHCP IP address for the network port on your hardware appliance to present a file, volume, and tape gateway for applications. This IP address must be on the same subnet as the IP address used during hardware appliance activation.

To exit the gateway local console

• Press the Ctrl+] (close bracket) keystroke. The hardware console appears.

Note

The keystroke preceding is the only way to exit the gateway local console.

Next step

Configuring your gateway (p. 26)

Configuring your gateway

After your hardware appliance has been activated and configured, your appliance appears in the console.

Now you can create the type of gateway that you want. Continue the installation for your gateway type.

For instructions, see Configure your Amazon FSx File Gateway (p. 32).

Removing a gateway from the hardware appliance

To remove gateway software from your hardware appliance, use the following procedure. After you do so, the gateway software is uninstalled from your hardware appliance.

To remove a gateway from a hardware appliance

1. Choose the check box for the gateway.

2. For Actions, choose Remove Gateway.

3. In the Remove gateway from hardware appliance dialog box, choose Confirm.


Note

When you delete a gateway, you can't undo the action. For certain gateway types, you can lose data on deletion, particularly cached data. For more information on deleting a gateway, see Deleting Your Gateway by Using the AWS Storage Gateway Console and Removing Associated Resources (p. 84).

Deleting a gateway doesn't delete the hardware appliance from the console. The hardware appliance remains for future gateway deployments.

Deleting your hardware appliance

After you activate your hardware appliance in your AWS account, you might have a need to move and activate it in a different AWS account. In this case, you first delete the appliance from the AWS account and activate it in another AWS account. You might also want to delete the appliance completely from your AWS account because you no longer need it. Follow these instructions to delete your hardware appliance.

To delete your hardware appliance

1. If you have installed a gateway on the hardware appliance, you must first remove the gateway before you can delete the appliance. For instructions on how to remove a gateway from your hardware appliance, see Removing a gateway from the hardware appliance (p. 26).

2. On the Hardware page, choose the hardware appliance you want to delete.

3. For Actions, choose Delete Appliance.

4. In the Confirm deletion of resource(s) dialog box, choose the confirmation check box and choose Delete. A message indicating successful deletion is displayed.

When you delete the hardware appliance, all the resources associated with the gateway that is installed on the appliance are also deleted, but the data on the hardware appliance itself is not deleted.


Getting started with AWS Storage Gateway

In this section, you can find instructions about how to create and activate a file gateway in AWS Storage Gateway. Before you get started, make sure that your setup meets the required prerequisites and other requirements described in Setting up for Amazon FSx File Gateway (p. 4).

Topics

• Step 1: Create an Amazon FSx for Windows File Server file system (p. 28)

• Step 2: (Optional) Create an Amazon VPC endpoint (p. 28)

• Step 3: Create and activate an Amazon FSx File Gateway (p. 30)

Step 1: Create an Amazon FSx for Windows File Server file system

To create an Amazon FSx File Gateway in AWS Storage Gateway, the first step is to create an Amazon FSx for Windows File Server file system. If you've already created an Amazon FSx file system, go to the next step, Step 2: (Optional) Create an Amazon VPC endpoint (p. 28).

Note

The following limitations apply when writing to an Amazon FSx file system from an FSx File Gateway:

• Your Amazon FSx file system and your FSx File Gateway must be owned by the same AWS account and located in the same AWS Region.

• Each gateway can support five attached file systems. When attaching a file system, the Storage Gateway console notifies you if the selected gateway is at capacity. In that case, you must choose a different gateway or detach a file system before you can attach another one.

• FSx File Gateway supports soft storage quotas (issuing warnings when users surpass their data limits), but does not support hard quotas (enforcing data limits by denying write access). Soft quotas are supported for all users except the Amazon FSx admin user. For more information about setting up storage quotas, see Storage quotas in the Amazon FSx for Windows File Server User Guide.

To create an FSx for Windows File Server file system

1. Open the AWS Management Console at https://console.aws.amazon.com/fsx/home/, and choose the Region that you want to create your gateway in.

2. Follow the instructions in Getting Started with Amazon FSx in the Amazon FSx for Windows File Server User Guide.

Step 2: (Optional) Create an Amazon VPC endpoint

This step is not required when you are creating an Amazon FSx File Gateway in AWS Storage Gateway. However, we recommend that you create a virtual private cloud (VPC) endpoint for Storage Gateway and activate the gateway in the VPC. Doing so creates a private connection between your VPC and Storage Gateway.

If you already have a VPC endpoint for Storage Gateway, you can use it for your FSx File Gateway. A single VPC endpoint that can support multiple gateways allows gateways deployed in your VPC to connect to the Storage Gateway service VPC. If you have already created a VPC endpoint for Storage Gateway, go to the next step, Step 3: Create and activate an Amazon FSx File Gateway (p. 30).

To create an Amazon VPC endpoint

1. Open the AWS Management Console at https://console.aws.amazon.com/vpc/home/, and choose the AWS Region that you want to create your gateway in.

2. In the left navigation pane, choose Endpoints, and then choose Create endpoint.

3. On the Create endpoint page, choose AWS services for Service category.

4. For Service name, search for storagegateway. The Region will default to the Region that you are signed in to—for example, com.amazonaws.region.storagegateway. So if you are signed in to US East (Ohio), you would see com.amazonaws.us-east-2.storagegateway.

5. For VPC, choose your VPC and note its Availability Zones and subnets.

6. Verify that Enable Private DNS Name is not selected.

7. For Security group, create a new security group to use with your VPC. Make sure that all of the following TCP ports are allowed in your security group:

• TCP 1026

• TCP 1027

• TCP 1028

• TCP 1031

• TCP 2222

Note

The gateway uses these ports to communicate back to the Storage Gateway managed service. When you are using a VPC endpoint, the ports listed above must be open for inbound access from the IP address of your gateway.

8. Choose Create endpoint. The initial state of the endpoint is Pending. When the endpoint is created, take note of the ID of the VPC endpoint that you just created.

Note

We recommend that you provide a name for this VPC endpoint, for example, StorageGatewayEndpoint.

9. When the endpoint is created, choose Endpoints, and then choose the new VPC endpoint.

10. In the DNS Names section, use the first Domain Name System (DNS) name that doesn't specify an Availability Zone. Your DNS name should look similar to the following:

vpce-1234567e1c24a1fe9-62qntt8k.storagegateway.us-east-1.vpce.amazonaws.com

Note

This DNS name will resolve to the Storage Gateway endpoint private IP addresses that are allocated in your VPC.

11. Review the list of ports that must be opened on your firewall.

Now that you have created a VPC endpoint, you can create your FSx File Gateway.
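One way to check a finished endpoint against steps 4 through 10 of this procedure, as an added example that is not part of the guide: it audits records in the shape returned by the EC2 DescribeVpcEndpoints and DescribeSecurityGroups calls. The security group ID, gateway address, and zonal DNS name are constructed placeholders, and the 0.0.0.0/0 warning is an added least-privilege check based on the note that the ports are opened for the gateway's IP address.

```python
import ipaddress
import re

# TCP ports the guide says the endpoint's security group must allow (step 7).
REQUIRED_TCP_PORTS = (1026, 1027, 1028, 1031, 2222)


def sources_allowing(port, ip_permissions):
    """Return the CIDR sources that may reach TCP `port` under these ingress rules.

    Only IPv4 CIDR sources (IpRanges) are evaluated; rules that reference
    another security group (UserIdGroupPairs) are out of scope here.
    """
    sources = []
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto == "-1":                      # all protocols, all ports
            covers = True
        elif proto == "tcp":
            covers = rule["FromPort"] <= port <= rule["ToPort"]
        else:
            covers = False
        if covers:
            sources += [ipaddress.ip_network(r["CidrIp"])
                        for r in rule.get("IpRanges", [])]
    return sources


def regional_dns_name(endpoint):
    """Pick the first endpoint DNS name that does not name an Availability Zone (step 10)."""
    region = endpoint["ServiceName"].split(".")[2]   # com.amazonaws.<region>.storagegateway
    zonal = re.compile(rf"-{re.escape(region)}[a-z]$")
    for entry in endpoint.get("DnsEntries", []):
        name = entry["DnsName"]
        if name.endswith(".vpce.amazonaws.com") and not zonal.search(name.split(".")[0]):
            return name
    return None


def audit_endpoint(endpoint, security_groups, gateway_ip):
    """Return a list of findings; an empty list means the endpoint matches the procedure."""
    findings = []
    gw = ipaddress.ip_address(gateway_ip)
    if not endpoint["ServiceName"].endswith(".storagegateway"):
        findings.append("endpoint is not for the storagegateway service")
    if endpoint.get("PrivateDnsEnabled"):
        findings.append("private DNS name is enabled (step 6 expects it off)")
    if regional_dns_name(endpoint) is None:
        findings.append("no DNS name without an Availability Zone found")
    rules = [perm for group in endpoint.get("Groups", [])
             for perm in security_groups[group["GroupId"]]["IpPermissions"]]
    for port in REQUIRED_TCP_PORTS:
        sources = sources_allowing(port, rules)
        if not any(gw in net for net in sources):
            findings.append(f"TCP {port} not allowed from gateway {gateway_ip}")
        for net in sources:
            if net.prefixlen == 0:
                findings.append(f"TCP {port} open to {net}, wider than the gateway address")
    return findings


# --- Constructed sample data (placeholders, not real resources) ---
ENDPOINT = {
    "ServiceName": "com.amazonaws.us-east-1.storagegateway",
    "PrivateDnsEnabled": False,
    "Groups": [{"GroupId": "sg-EXAMPLE"}],
    "DnsEntries": [
        # Zonal name listed first so the picker has something to skip.
        {"DnsName": "vpce-1234567e1c24a1fe9-62qntt8k-us-east-1a.storagegateway.us-east-1.vpce.amazonaws.com"},
        {"DnsName": "vpce-1234567e1c24a1fe9-62qntt8k.storagegateway.us-east-1.vpce.amazonaws.com"},
    ],
}
GATEWAY_IP = "10.0.1.25"


def _tcp(lo, hi, cidr):
    """Build one ingress rule in the IpPermissions shape."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}


# Misses TCP 1031 and opens TCP 2222 to every address.
SG_LOOSE = {"sg-EXAMPLE": {"IpPermissions": [
    _tcp(1026, 1028, "10.0.1.25/32"),
    _tcp(2222, 2222, "0.0.0.0/0"),
]}}
# All five ports, reachable only from the gateway address.
SG_TIGHT = {"sg-EXAMPLE": {"IpPermissions": [
    _tcp(1026, 1028, "10.0.1.25/32"),
    _tcp(1031, 1031, "10.0.1.25/32"),
    _tcp(2222, 2222, "10.0.1.25/32"),
]}}

if __name__ == "__main__":
    print("DNS name to use:", regional_dns_name(ENDPOINT))
    for label, groups in (("loose", SG_LOOSE), ("tight", SG_TIGHT)):
        print(label, audit_endpoint(ENDPOINT, groups, GATEWAY_IP))
```
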

Next step

Step 3: Create and activate an Amazon FSx File Gateway (p. 30)


Step 3: Create and activate an Amazon FSx File Gateway

In this section, you can find instructions on how to create, deploy, and activate a file gateway in AWS Storage Gateway.

Topics

• Set up an Amazon FSx File Gateway (p. 30)

• Connect your Amazon FSx File Gateway to AWS (p. 31)

• Review settings and activate your Amazon FSx File Gateway (p. 31)

• Configure your Amazon FSx File Gateway (p. 32)

Set up an Amazon FSx File Gateway

To set up a new FSx File Gateway

1. Open the AWS Management Console at https://console.aws.amazon.com/storagegateway/home/, and choose the AWS Region where you want to create your gateway.

2. Choose Create gateway to open the Set up gateway page.

3. In the Gateway settings section, do the following:

a. For Gateway name, enter a name for your gateway. After your gateway is created, you can search for this name to find your gateway on the list pages in the AWS Storage Gateway console.

b. For Gateway time zone, choose the local time zone for the part of the world where you want to deploy your gateway.

4. In the Gateway options section, for Gateway type, choose Amazon FSx File Gateway.

5. In the Platform options section, do the following:

a. For Host platform, choose the platform on which you want to deploy your gateway. Then follow the platform-specific instructions displayed on the Storage Gateway console page to set up your host platform. You can choose from the following options:

VMware ESXi – Download, deploy, and configure the gateway virtual machine using VMware ESXi.

Microsoft Hyper-V – Download, deploy, and configure the gateway virtual machine using Microsoft Hyper-V.

Linux KVM – Download, deploy, and configure the gateway virtual machine using Linux Kernel-based Virtual Machine (KVM).

Amazon EC2 – Configure and launch an Amazon EC2 instance to host your gateway.

Hardware appliance – Order a dedicated physical hardware appliance from AWS to host your gateway.

b. For Confirm set up gateway, select the check box to confirm that you performed the deployment steps for the host platform you chose. This step is not applicable for the Hardware appliance host platform.

6. Now that your gateway is set up, you must choose how you want it to connect and communicate with AWS. Choose Next to proceed.


Connect your Amazon FSx File Gateway to AWS

To connect a new FSx File Gateway to AWS

1. If you have not done so already, complete the procedure described in Set up an Amazon FSx File Gateway. When finished, choose Next to open the Connect to AWS page in the AWS Storage Gateway console.

2. In the Endpoint options section, for Service endpoint, choose the type of endpoint your gateway will use to communicate with AWS. You can choose from the following options:

Publicly accessible – Your gateway communicates with AWS over the public internet. If you select this option, use the FIPS enabled endpoint check box to specify whether the connection must comply with Federal Information Processing Standards (FIPS).

Note

If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS-compliant endpoint. For more information, see Federal Information Processing Standard (FIPS) 140-2.

The FIPS service endpoint is available only in some AWS Regions. For more information, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.

VPC hosted – Your gateway communicates with AWS through a private connection with your virtual private cloud (VPC), allowing you to control your network settings. If you select this option, you must specify an existing VPC endpoint by choosing its VPC endpoint ID from the dropdown list. You can also provide its VPC endpoint Domain Name System (DNS) name or IP address.

3. In the Gateway connection options section, for Connection options, choose how to identify your gateway to AWS. You can choose from the following options:

IP address – Provide the IP address of your gateway in the corresponding field. This IP address must be public or accessible from within your current network, and you must be able to connect to it from your web browser.

You can obtain the gateway IP address by logging into the gateway's local console from your hypervisor client, or by copying it from your Amazon EC2 instance details page.

Activation key – Provide the activation key for your gateway in the corresponding field. You can generate an activation key using the gateway's local console. If your gateway's IP address is unavailable, choose this option.

4. Now that you have chosen how you want your gateway to connect to AWS, you must activate the gateway. Choose Next to proceed.

Review settings and activate your Amazon FSx File Gateway

To activate a new FSx File Gateway

1. If you have not done so already, complete the procedures described in the following topics:

• Set up an Amazon FSx File Gateway

• Connect your Amazon FSx File Gateway to AWS

When finished, choose Next to open the Review and activate page in the AWS Storage Gateway console.

2. Review the initial gateway details for each section on the page.


3. If a section contains errors, choose Edit to return to the corresponding settings page and make changes.

Important

You cannot modify the gateway options or connection settings after your gateway is activated.

4. Now that you have activated your gateway, you must perform the first-time configuration to allocate local storage disks and configure logging. Choose Next to proceed.

Configure your Amazon FSx File Gateway

To perform the first-time configuration on a new FSx File Gateway

1. If you have not done so already, complete the procedures described in the following topics:

• Set up an Amazon FSx File Gateway

• Connect your Amazon FSx File Gateway to AWS

• Review settings and activate your Amazon FSx File Gateway

When finished, choose Next to open the Configure gateway page in the AWS Storage Gateway console.

2. In the Configure cache storage section, use the dropdown lists to allocate at least one local disk with at least 150 gibibytes (GiB) capacity to Cache. The local disks listed in this section correspond to the physical storage that you provisioned on your host platform.

3. In the CloudWatch log group section, choose how to set up Amazon CloudWatch Logs to monitor the health of your gateway. You can choose from the following options:

Create a new log group – Set up a new log group to monitor your gateway.

Use an existing log group – Choose an existing log group from the corresponding dropdown list.

Deactivate logging – Do not use Amazon CloudWatch Logs to monitor your gateway.

4. In the CloudWatch alarms section, choose how to set up Amazon CloudWatch alarms to notify you when your gateway's metrics deviate from defined limits. You can choose from the following options:

Deactivate alarms – Do not use CloudWatch alarms to be notified about your gateway's metrics.

Create custom CloudWatch alarm – Configure a new CloudWatch alarm to be notified about your gateway's metrics. Choose Create alarm to define metrics and specify alarm actions in the Amazon CloudWatch console. For instructions, see Using Amazon CloudWatch alarms in the Amazon CloudWatch User Guide.

5. (Optional) In the Tags section, choose Add new tag, then enter a case-sensitive key-value pair to help you search and filter for your gateway on the list pages in the AWS Storage Gateway console.

Repeat this step to add as many tags as you need.

6. (Optional) In the Verify VMware High Availability configuration section, if your gateway is deployed on a VMware host as part of a cluster that is enabled for VMware High Availability (HA), choose Verify VMware HA to test whether the HA configuration is working properly.

Note

This section appears only for gateways that are running on the VMware host platform.

This step is not required to complete the gateway configuration process. You can test your gateway's HA configuration at any time. Verification takes a few minutes, and reboots the Storage Gateway virtual machine (VM).

7. Choose Configure to finish creating your gateway.

To check the status of your new gateway, search for it on the Gateways page of the AWS Storage Gateway console.

Now that you have created your gateway, you must attach a file system for it to use. For instructions, see Attach an Amazon FSx for Windows File Server file system.

If you do not have an existing Amazon FSx file system to attach, you must create one. For instructions, see Getting started with Amazon FSx.
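
Because steps 3 and 4 above allow logging and alarms to be deactivated, the following added example (not part of the AWS guide) flags gateways that were configured without them. It assumes the field names of the Storage Gateway DescribeGatewayInformation and CloudWatch DescribeAlarms responses, and that alarms are scoped with a GatewayId or GatewayName dimension; the sample ARNs and names are constructed.

```python
"""Flag gateways whose CloudWatch logging or alarms were deactivated at setup."""

def audit_gateway(info, alarms):
    """Return monitoring findings for one DescribeGatewayInformation response."""
    gateway_id = info["GatewayARN"].rsplit("/", 1)[-1]
    findings = []
    if not info.get("CloudWatchLogGroupARN"):
        findings.append("no CloudWatch log group (logging deactivated)")

    def targets_gateway(alarm):
        # Assumption: the alarm is scoped with a GatewayId or GatewayName dimension.
        wanted = (("GatewayId", gateway_id), ("GatewayName", info.get("GatewayName")))
        return any((d["Name"], d["Value"]) in wanted
                   for d in alarm.get("Dimensions", []))

    # An alarm only counts if it can actually notify someone.
    live = [a for a in alarms
            if a.get("Namespace") == "AWS/StorageGateway" and targets_gateway(a)
            and a.get("ActionsEnabled") and a.get("AlarmActions")]
    if not live:
        findings.append("no CloudWatch alarm with enabled actions")
    return findings

def audit_all(infos, alarms):
    """Map gateway ID -> findings for every gateway description."""
    return {i["GatewayARN"].rsplit("/", 1)[-1]: audit_gateway(i, alarms) for i in infos}

def collect(region):
    """Live path: needs boto3 and credentials; not used by the sample run below."""
    import boto3
    sgw = boto3.client("storagegateway", region_name=region)
    cw = boto3.client("cloudwatch", region_name=region)
    alarms = [a for page in cw.get_paginator("describe_alarms").paginate()
              for a in page["MetricAlarms"]]
    infos = [sgw.describe_gateway_information(GatewayARN=g["GatewayARN"])
             for page in sgw.get_paginator("list_gateways").paginate()
             for g in page["Gateways"]]
    return infos, alarms

# Constructed sample data (not real resources).
ARN = "arn:aws:storagegateway:us-east-1:111122223333:gateway/"
SAMPLE_GATEWAYS = [
    {"GatewayARN": ARN + "sgw-11111111", "GatewayName": "fsx-gw-a",
     "CloudWatchLogGroupARN": "arn:aws:logs:us-east-1:111122223333:log-group:sgw-a"},
    {"GatewayARN": ARN + "sgw-22222222", "GatewayName": "fsx-gw-b"},
]
SAMPLE_ALARMS = [
    {"Namespace": "AWS/StorageGateway", "ActionsEnabled": True,
     "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:ops"],
     "Dimensions": [{"Name": "GatewayId", "Value": "sgw-11111111"}]},
    {"Namespace": "AWS/StorageGateway", "ActionsEnabled": False, "AlarmActions": [],
     "Dimensions": [{"Name": "GatewayId", "Value": "sgw-22222222"}]},
]
```

To run it against an account, pass the two lists returned by `collect(region)` to `audit_all` in place of the sample data.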

Configure Active Directory settings

In this step, you configure your Amazon FSx File Gateway access settings in Storage Gateway to join a Microsoft Active Directory.

To configure Active Directory settings

1. In the Storage Gateway console, choose Attach FSx file system.

2. On the Confirm gateway page, in the list of gateways, choose the Amazon FSx File Gateway that you want to use.

If you don't have a gateway, you must create one. Make sure your gateway can resolve the name of your Active Directory Domain Controller. For information, see Required prerequisites (p. 5).

3. Enter values for the Active Directory settings:

Note

If your gateway is already joined to a domain, you don't need to join again. Go to the next step.

• For Domain name, enter the domain name of the Active Directory that you want to use.

• For Domain user, enter a user name for the Active Directory.

• For Domain password, enter the password for the domain user.

Note

Your account must be able to join a server to a domain.

• For Organizational unit - optional, you can specify an organizational unit the Active Directory belongs to.

• Enter a value for Domain controller(s) - optional.

4. Choose Next to open the Attach FSx File system page.

Next step

Attach an Amazon FSx for Windows File Server file system (p. 35)
