AWS Storage Gateway
User Guide (API Version 2013-06-30)


Unless otherwise noted, the following requirements are common to all gateway configurations.

Supported Hypervisors and Host Requirements

You can choose to run AWS Storage Gateway either on-premises as a virtual machine (VM) appliance, or in AWS as an Amazon Elastic Compute Cloud (Amazon EC2) instance.

AWS Storage Gateway supports the following hypervisor versions and hosts:

  • VMware ESXi Hypervisor (version 4.1, 5.0, 5.1, 5.5 or 6.0)—A free version of VMware is available on the VMware website. You will also need a VMware vSphere client to connect to the host.

  • Microsoft Hyper-V Hypervisor (version 2008 R2, 2012, or 2012 R2)—A free, stand-alone version of Hyper-V is available at the Microsoft Download Center. You will need a Microsoft Hyper-V Manager on a Microsoft Windows client computer to connect to the host.

  • EC2 instance—AWS Storage Gateway provides an Amazon Machine Image (AMI) that contains the gateway VM image. Only gateway-cached volumes and gateway-VTLs can be deployed on Amazon EC2. For information about how to deploy a gateway on Amazon EC2, see Amazon EC2 Gateway.

Hardware Requirements

When deploying your gateway on-premises, you must make sure that the underlying hardware on which you are deploying the gateway VM is able to dedicate the following resources:

  • Four or eight virtual processors assigned to the VM.

  • 7.5 GB of RAM assigned to the VM

  • 75 GB of disk space for installation of VM image and system data

For more information, see Optimizing Gateway Performance

For information about how your hardware affects the performance of the gateway VM, see AWS Storage Gateway Limits.

When deploying your gateway on Amazon EC2, you must use the m3, i2, c3, c4, r3, d2, and m4 instance types and the instance size must be at least size xlarge. You must select one of these instance types for the gateway to function. For more information, go to AWS Storage Gateway in AWS Marketplace.

Supported iSCSI Initiators

When you deploy a gateway-cached or gateway-stored volume gateway, you can create iSCSI storage volumes on your gateway. When you deploy a gateway-VTL, the gateway is preconfigured with one media changer and ten tape drives. These tape drives and the media changer are available to your existing client backup applications as iSCSI devices. To connect to these iSCSI devices, AWS Storage Gateway supports the following iSCSI initiators:

  • Windows Server 2012 and Windows Server 2012 R2

  • Windows Server 2008 and Windows Server 2008 R2

  • Windows 7

  • Red Hat Enterprise Linux 5

  • Red Hat Enterprise Linux 6

  • Red Hat Enterprise Linux 7

  • VMware ESX Initiator

The VMware ESX Initiator provides an alternative to using initiators in the guest operating systems of your VMs.

Supported Backup Software (Gateway-VTL Only)

Typically, you will use a backup application to read, write, and manage tapes with a gateway-VTL.

The following lists the third-party backup software that Gateway-VTL supports.

  • Symantec NetBackup version 7.x

  • Symantec Backup Exec 2012

  • Symantec Backup Exec 2014

  • Symantec Backup Exec 15

  • Microsoft System Center 2012 R2 Data Protection Manager

  • Veeam Backup & Replication V7

  • Veeam Backup & Replication V8

  • Dell NetVault Backup 10.0

  • EMC NetWorker 8.x

Storage Requirements

In addition to 75 GB disk space for the VM, you will also need additional disks for the gateway.

  • For gateway-cached volume configuration, you will need storage for the local cache and an upload buffer.

  • For gateway-stored volume configuration, you will need storage for your entire dataset and an upload buffer.

  • For gateway-VTL configuration, you will need storage for the local cache and an upload buffer.

For more information about how to add disks, see Step 2.3: Provision Local Disk Storage for the Gateway VM (VMWare).

For information about gateway limits, see AWS Storage Gateway Limits.

Network and Firewall Requirements

Your locally deployed gateway requires access to the internet, local networks, Domain Name Service (DNS) servers, firewalls, routers, and so on. Following, you can find information about required ports and how to allow access through firewalls and routers.

Port Requirements

AWS Storage Gateway requires the following ports for its operation.





How Used



Storage Gateway


For communication from AWS Storage Gateway to the AWS service endpoint. For information about service endpoints, see Allowing AWS Storage Gateway Access through Firewalls and Routers.



Local networks

Storage Gateway

By local systems to obtain the storage gateway activation key. Port 80 is only used during activation of the Storage Gateway appliance.


AWS Storage Gateway does not require port 80 to be publicly accessible. The required level of access to port 80 depends on your network configuration. If you activate your gateway from the AWS Storage Gateway Management Console, the host from which you connect to the console must have access to your gateway’s port 80.



Local networks

Storage Gateway

By local systems to connect to iSCSI targets exposed by the gateway.



Domain Name Service (DNS) server

Storage Gateway

For communication between AWS Storage Gateway and the DNS server.



Storage Gateway local console

Storage Gateway support channel

Allows AWS Support to access your gateway to help you with troubleshooting gateway issues.

Allowing AWS Storage Gateway Access through Firewalls and Routers

Your locally deployed gateway requires access to the following endpoints to communicate with AWS. If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to AWS.

The following table provides a list of region strings for the available regions.

Region NameRegion StringGateway-CachedGateway-StoredGateway-VTL
US East (N. Virginia)us-east-1




US West (N. California)us-west-1




US West (Oregon)us-west-2




EU (Ireland)eu-west-1




EU (Frankfurt)eu-central-1




Asia Pacific (Singapore)ap-southeast-1



Asia Pacific (Sydney)ap-southeast-2




Asia Pacific (Tokyo)ap-northeast-1yes



Asia Pacific (Seoul)ap-northeast-2yes



South America (São Paulo)sa-east-1




Depending on your gateway's region, you replace region in the endpoint with the corresponding region string. For example, if you create a gateway in the US West (Oregon) region, the endpoint looks like this:

Next Step

Step 1: Sign Up for AWS Storage Gateway