Working with your AWS DataSync agent's local console
While AWS fully manages your AWS DataSync agent once it's deployed, there might be cases where you need to change your agent's settings or troubleshoot an issue. Here are some examples of why you'd work with your agent through its local console:
- Manually assign an IP address to the agent.
- Test your agent's connection to AWS or a storage system.
- Provide AWS Support access to your agent to help with an issue (such as a firewall misconfiguration).
Important
You don't need to use the agent's local console for standard DataSync functionality.
Accessing the agent's local console
How you access the local console depends on the type of agent you're using.
For security reasons, you can't remotely connect to the local console of the DataSync agent virtual machine (VM).
- If this is your first time using the local console, log in with the default credentials. The default user name is admin and the password is password.
  Note
  We recommend changing the default password. To do this, on the console main menu enter 5 (or 6 for VMware VMs), then run the passwd command to change the password.
Accessing the local console of a DataSync agent based on Amazon EC2 is similar to connecting to any EC2 instance.
Before you begin: Make sure that your EC2 instance's security group allows access with SSH (TCP port 22). You also must complete any other prerequisites for connecting to an EC2 instance.
To access the agent's local console (Amazon EC2)
- Open a terminal and copy the following ssh command:
  ssh -i /path/key-pair-name.pem -o KexAlgorithms=diffie-hellman-group14-sha1 instance-user-name@instance-public-ip-address
  - For /path/key-pair-name, specify the path and file name (.pem) of the private key required to connect to your instance.
  - For instance-user-name, specify admin.
  - For instance-public-ip-address, specify the public IP address of your instance.
  The command also includes the key exchange you need (diffie-hellman-group14-sha1).
- Run the ssh command to connect to your agent instance.
  If you connect successfully, the main menu of the agent's local console displays.
Getting an agent activation key
If your agent isn't activated yet, you can obtain its activation key from the local console. This option is displayed only until the agent has been activated.
To get an activation key for your agent from the local console
- Log in to your agent's local console.
- On the AWS DataSync Activation - Configuration main menu, enter 0 to get an activation key.
- Enter the AWS Region that your agent will be activated in.
- Enter the service endpoint type that your agent will be using. Options include public, Federal Information Processing Standard (FIPS), and virtual private cloud (VPC) with AWS PrivateLink.
- The activation key is automatically generated and displayed on screen. Select and copy this value.
- Using the activation key copied from the last step, use the following create-agent CLI command to create and activate the agent:
  $ aws datasync create-agent --agent-name your-new-agent-name --activation-key generated-activation-key
  On successful activation, this command returns something similar to the following.
  { "AgentArn": "arn:aws:datasync:us-west-1:1234567890A:agent/agent-id" }
  You can also insert the activation key in the DataSync console by using the agent creation wizard.
After the agent is activated, the console menu displays the Agent ID and AWS Region. The option for getting an activation key is no longer visible in the console menu.
Configuring your agent's network settings
The default network configuration for the agent is Dynamic Host Configuration Protocol (DHCP). With DHCP, your agent is automatically assigned an IP address. In some cases, you might need to manually assign your agent's IP as a static IP address, as described following.
To configure your agent to use static IP addresses
- Log in to your agent's local console.
- On the AWS DataSync Activation - Configuration main menu, enter 1 to begin configuring your network.
- On the Network Configuration menu, choose one of the following options.
  - Get information about your network adapter: Enter 1.
    A list of adapter names appears, and you are prompted to enter an adapter name (for example, eth0). If the adapter you specify is in use, the following information about the adapter is displayed:
    - Media access control (MAC) address
    - IP address
    - Netmask
    - Agent IP address
    - DHCP enabled status
    You use the same adapter name when you configure a static IP address (option 3) as when you set your agent's default route adapter (option 5).
  - Configure DHCP: Enter 2.
    You are prompted to configure the network interface to use DHCP.
  - Configure a static IP address for your agent: Enter 3.
    You are prompted to enter the Network adapter name.
    Important
    If your agent has already been activated, you must shut it down and restart it from the DataSync console for the settings to take effect.
  - Reset all your agent's network configuration to DHCP: Enter 4.
    All network interfaces are set to use DHCP.
    Important
    If your agent has already been activated, you must shut down and restart your agent from the DataSync console for the settings to take effect.
  - Set your agent's default route adapter: Enter 5.
    The available adapters for your agent are shown, and you are prompted to choose one of the adapters (for example, eth0).
  - Edit your agent's Domain Name System (DNS) configuration: Enter 6.
    The available adapters of the primary and secondary DNS servers are displayed. You are prompted to provide the new IP address.
  - View your agent's DNS configuration: Enter 7.
    The available adapters of the primary and secondary DNS servers are displayed.
    Note
    For some versions of the VMware hypervisor, you can edit the adapter configuration in this menu.
  - View routing tables: Enter 8.
    The default route of your agent is displayed.
Testing your agent's connection to AWS
You can use your agent's local console to test your internet connection. This test can be useful when you are troubleshooting network issues with your agent.
To test your agent's connection to AWS DataSync endpoints
- Log in to your agent's local console.
- On the AWS DataSync Activation - Configuration main menu, enter 2 to begin testing network connectivity.
- Enter the service endpoint type that your agent is connecting to. Valid endpoint types include public, FIPS, and VPC endpoints that are using AWS PrivateLink.
  When the agent is activated, the Test Network Connectivity option can be initiated without any additional user input, because the Region and endpoint type are taken from the activated agent information.
  - To test public endpoint connectivity, enter 1, followed by the AWS Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about AWS Regions and endpoints, see Where can I use DataSync?
    Each endpoint in the selected AWS Region displays either a PASSED or FAILED message.
  - To test FIPS endpoint connectivity, enter 2, followed by the AWS Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about AWS Regions and endpoints, see Where can I use DataSync?
    Each endpoint in the selected AWS Region displays either a PASSED or FAILED message.
  - To test VPC endpoint connectivity, enter 3. Network connectivity test results for your agent's VPC endpoints are displayed.
    Each VPC endpoint displays either a PASSED or FAILED message.
For information about network and firewall requirements, see AWS DataSync network requirements.
Testing your agent's connection to your storage
You can test whether your DataSync agent can connect to the storage involved in your transfer. This test can help verify that you configured your transfer location correctly.
To test your agent's connection to your storage
- Log in to your agent's local console.
- On the AWS DataSync Activation - Configuration main menu, enter 3.
- Enter one of the following options:
  - Enter 1 to test an NFS server connection.
  - Enter 2 to test an SMB server connection.
  - Enter 3 to test an object storage server connection.
  - Enter 4 to test an HDFS connection.
  - Enter 5 to test a Microsoft Azure Blob Storage connection.
- Enter the storage server's IP address or domain name.
  Remember the following when entering the IP address or domain name:
  - Don't include a protocol. For example, enter mystorage.com instead of https://mystorage.com.
  - For HDFS, enter the IP address or domain name of the NameNode or DataNode in the Hadoop cluster.
- If requested, enter the TCP port for connecting to the storage server (for example, 80 or 443).
You'll see if the connectivity test PASSED or FAILED.
Checking your agent's system resources
When you log in to your agent console, virtual CPU cores, root volume size, and RAM are automatically checked. If there are any errors or warnings, they're flagged on the console menu display with a banner that provides details about those errors or warnings.
If there are no errors or warnings when the console starts, the menu displays white text. The View System Resource Check option will display (0 Errors).
If there are errors or warnings, the console menu displays the number of errors and warnings, in red and yellow respectively, in a banner across the top of the menu. For example, (1 ERROR, 1 WARNING).
To check your agent's system resources
- Log in to your agent's local console.
- On the AWS DataSync Activation - Configuration main menu, enter 4 to view the results of the system resource check.
  The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.
  For Amazon EC2 instances, the system resource check verifies that the instance type is one of the instances recommended for use with DataSync. If the instance type matches that list, a single result is displayed in green text, as follows.
  [ OK ] Instance Type Check
  If the Amazon EC2 instance is not on the recommended list, the system resource check verifies the following resources.
  - CPU cores check: At least four cores are required.
  - Disk size check: A minimum of 80 GB of available disk space is required.
  - RAM check:
    - 32 GB of RAM assigned to the instance for task executions working with up to 20 million files, objects, or directories.
    - 64 GB of RAM assigned to the instance for task executions working with more than 20 million files, objects, or directories.
  - CPU flags check: The agent VM CPU must have either SSSE3 or SSE4 instruction set flags.
  If the Amazon EC2 instance is not on the list of recommended instances for DataSync, but it has sufficient resources, the result of the system resource check displays four results, all in green text.
  The same resources are verified for agents deployed in Hyper-V, Linux Kernel-based Virtual Machine (KVM), and VMware VMs.
  VMware agents are also checked for supported version; unsupported versions cause a red banner error. Supported versions include VMware versions 6.5 and 6.7.
Synchronizing the time on your VMware agent
If you are using a VMware VM, you can view Network Time Protocol (NTP) server configurations and synchronize the VM time on your agent with your VMware hypervisor host.
To manage system time
- Log in to your agent's local console.
- On the AWS DataSync Activation - Configuration main menu, enter 5 to manage your system's time.
- On the System Time Management menu, enter 1 to view and synchronize the VM system time.
  - View and synchronize your VM time with NTP server time: Enter 1.
    The current time of your agent is displayed. Your agent determines the time difference between your agent VM and your NTP server time, and prompts you to synchronize the agent time with NTP time.
    After your agent is deployed and running, in some scenarios the agent's time can drift. For example, suppose that there is a prolonged network outage and your hypervisor host and agent don't get time updates. In this case, the agent's time is different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur.
  - Edit your NTP server configuration: Enter 2.
    You are prompted to provide a preferred and a secondary NTP server.
  - View your NTP server configuration: Enter 3.
    Your NTP server configuration is displayed.
Configuring other agent settings
In a DataSync agent's local console, you can perform some maintenance tasks and diagnose issues with your agent.
To run a configuration or diagnostic command in your agent's local console
- Log in to your agent's local console.
- On the AWS DataSync Activation - Configuration main menu, enter 5 (or 6 for a VMware VM) for the Command Prompt.
- Use the following commands to perform the following tasks with your agent.
  Command | Description
  dig | Look up DNS information about the host.
  diskclean | Perform disk cleanup.
  exit | Return to the console configuration menu.
  h | Display a list of available commands.
  ifconfig | Display or configure network interfaces.
  ip | Display or configure routing, devices, and tunnels.
  iptables | Set up and maintain IPv4 packet filtering and network address translation (NAT).
  ncport | Test connectivity to a specific network TCP port.
  nping | Get information to troubleshoot network issues.
  open-support-channel | Connect the agent to AWS Support.
  save-iptables | Save IP table firewall rules permanently.
  save-routing-table | Save a newly added routing table entry.
  sslcheck | Verify whether an SSL certificate is valid.
  tcptraceroute | Collect traceroute output on TCP traffic to a destination.
- Follow the onscreen instructions.
Getting help with your agent from AWS Support
You can allow AWS Support to access your AWS DataSync agent and assist you with troubleshooting agent issues. By default, AWS Support access to your agent is disabled. You enable this access through the host's local console. To give AWS Support access to DataSync, you first log in to the local console for the host and then connect to the support server.
To log in to an agent running on Amazon EC2, create a rule for the instance's security group that opens TCP port 22 for Secure Shell (SSH) access.
Note
If you add a new rule to an existing security group, the new rule applies to all instances that use that security group. For more information about security groups and how to add a security group rule, see Amazon EC2 security groups for Linux instances in the Amazon EC2 User Guide for Linux Instances.
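Because the rule applies to every instance that uses the security group, the SSH rule described above (and the SSH prerequisite in Accessing the agent's local console) can be limited to one source address and revoked when the session ends. The following shell functions are an added example, not part of the AWS documentation; the function names, the sample group ID and the sample address are assumptions, and the real calls need the AWS CLI with credentials that can edit the security group.

```sh
#!/bin/sh
# Added example, not AWS code. DRY_RUN=1 prints the AWS CLI calls instead of
# running them. The group ID and address in the usage line are constructed.
# Usage: with_agent_ssh sg-0123abcd 203.0.113.10/32 ssh -i key.pem admin@<ip>

# Accept only one IPv4 host (a.b.c.d/32), never a network or 0.0.0.0/0.
valid_admin_cidr() (
  case $1 in
    */32) ip=${1%/32} ;;
    *) exit 1 ;;
  esac
  case $ip in
    ''|*[!0-9.]*|.*|*.|*..*|0.0.0.0) exit 1 ;;
  esac
  IFS=.
  set -- $ip
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Run (or print) "aws ec2 <action>" for inbound TCP 22 from one address.
ssh_rule() (
  action=$1 group_id=$2 cidr=$3
  case $group_id in
    sg-|sg-*[!0-9a-f]*) bad=1 ;;
    sg-*) bad=0 ;;
    *) bad=1 ;;
  esac
  [ "$bad" -eq 0 ] || { echo "bad security group ID: $group_id" >&2; exit 2; }
  valid_admin_cidr "$cidr" || { echo "refusing $cidr: use one /32" >&2; exit 2; }
  set -- aws ec2 "$action" --group-id "$group_id" \
         --protocol tcp --port 22 --cidr "$cidr"
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
)

open_agent_ssh()  { ssh_rule authorize-security-group-ingress "$@"; }
close_agent_ssh() { ssh_rule revoke-security-group-ingress "$@"; }

# Open the rule, run a command (such as the ssh session), then always revoke.
with_agent_ssh() (
  group_id=$1 cidr=$2; shift 2
  open_agent_ssh "$group_id" "$cidr" || exit
  rc=0
  "$@" || rc=$?
  close_agent_ssh "$group_id" "$cidr" || echo "WARNING: rule not revoked" >&2
  exit "$rc"
)
```

Run it once with DRY_RUN=1 to review the two AWS CLI calls before letting it change the security group.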
To enable AWS Support access to AWS DataSync
- Log in to your host's local console.
  If this is your first time logging in to the local console, see Accessing the agent's local console.
- At the prompt, enter 5 to open the command prompt (for VMware VMs, use 6).
- Enter h to open the AVAILABLE COMMANDS window.
- In the AVAILABLE COMMANDS window, enter the following to connect to AWS Support:
  open-support-channel
  If you are using the agent with VPC endpoints, you must provide a VPC endpoint IP address for your support channel, as follows:
  open-support-channel vpc-ip-address
  Your firewall must allow the outbound TCP port 22 to initiate a support channel to AWS. When you connect to AWS Support, DataSync assigns you a support number. Make a note of your support number.
  Note
  The channel number isn't a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port number. Instead, it makes an SSH (TCP 22) connection to servers and provides the support channel for the connection.
- When the support channel is established, provide your support service number to AWS Support so that they can provide troubleshooting assistance.
- When the support session is finished, press Enter to end it.
- Enter exit to log out of the DataSync local console.
- Follow the prompts to exit the local console.