Performing tasks on the virtual machine local console

For a File Gateway deployed on-premises, you can perform the following maintenance tasks using the VM host's local console. These tasks are common to VMware, Microsoft Hyper-V, and Linux Kernel-based Virtual Machine (KVM) hypervisors.

Logging in to the File Gateway local console

When the VM is ready for you to log in, the login screen is displayed. If this is your first time logging in to the local console, you use the default sign-in credentials to log in. These default login credentials give you access to menus where you can configure gateway network settings and change the password from the local console. AWS Storage Gateway allows you to set your own password from the Storage Gateway console instead of changing the password from the local console. You don't need to know the default password to set a new password. For more information, see Setting the local console password from the Storage Gateway console.

To log in to the gateway's local console

• If this is your first time logging in to the local console, log in to the VM with the default credentials. The default user name is admin and the password is password. Otherwise, use your credentials to log in.

  Note

  We recommend changing the default password by entering the corresponding numeral for Gateway Console from the AWS Appliance Activation - Configuration main menu, then running the passwd command. For information about how to run the command, see Running Storage Gateway commands on the local console. You can also set the password from the Storage Gateway console. For more information, see Setting the local console password from the Storage Gateway console.

Setting the local console password from the Storage Gateway console

When you log in to the local console for the first time, you log in to the VM with the default credentials. For all types of gateways, you use default credentials. The user name is admin and the password is password.

We recommend that you always set a new password immediately after you create your new gateway. You can set this password from the AWS Storage Gateway console rather than the local console if you want. You don't need to know the default password to set a new password.

To set the local console password on the Storage Gateway console

1. Open the Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.

2. On the navigation pane, choose Gateways, and then choose the gateway for which you want to set a new password.

3. For Actions, choose Set Local Console Password.

4. In the Set Local Console Password dialog box, enter a new password, confirm the password, and then choose Save.

   Your new password replaces the default password. Storage Gateway doesn't save the password but rather safely transmits it to the VM.

   Note

   The password can consist of any character on the keyboard and can be 1–512 characters long.

Configuring an HTTP proxy

File Gateways support configuration of an HTTP proxy.

Note

The only proxy configuration that File Gateways support is HTTP.

If your gateway must use a proxy server to communicate to the internet, then you need to configure the HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, Storage Gateway routes all AWS endpoint traffic through your proxy server. Communications between the gateway and endpoints is encrypted, even when using the HTTP proxy. For information about network requirements for your gateway, see Network and firewall requirements.

To configure an HTTP proxy for a File Gateway

1. Log in to your gateway's local console:

   • For more information on logging in to the VMware ESXi local console, see Accessing the Gateway Local Console with VMware ESXi.

   • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V.

   • For more information on logging in to the local console for the Linux Kernel-Based Virtual Machine (KVM), see Accessing the Gateway Local Console with Linux KVM.

2. From the AWS Appliance Activation - Configuration main menu, enter the corresponding numeral to select Configure HTTP Proxy.

3. From the AWS Appliance Activation HTTP Proxy Configuration menu, enter the corresponding numeral for the task you want to perform:

   • Configure HTTP proxy - You will need to supply a host name and port to complete configuration.

   • View current HTTP proxy configuration - If an HTTP proxy is not configured, the message HTTP Proxy not configured is displayed. If an HTTP proxy is configured, the host name and port of the proxy are displayed.

   • Remove an HTTP proxy configuration - The message HTTP Proxy Configuration Removed is displayed.

4. Restart your VM to apply your HTTP configuration settings.

Configuring your gateway network settings

The default network configuration for the gateway is Dynamic Host Configuration Protocol (DHCP). With DHCP, your gateway is automatically assigned an IP address. In some cases, you might need to manually assign your gateway's IP as a static IP address, as described following.

To configure your gateway to use static IP addresses

1. Log in to your gateway's local console:

   • For more information on logging in to the VMware ESXi local console, see Accessing the Gateway Local Console with VMware ESXi.

   • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V.

   • For more information on logging in to the KVM local console, see Accessing the Gateway Local Console with Linux KVM.

2. From the AWS Appliance Activation - Configuration main menu, enter the corresponding numeral to select Network Configuration.

3. From the Network Configuration menu, perform one of the following tasks:

   To Perform This Task	Do This
   Get information about your network adapter	Enter the corresponding numeral to select Describe Adapter. A list of adapter names appears, and you are prompted to enter an adapter name—for example, eth0. If the adapter you specify is in use, the following information about the adapter is displayed: Media access control (MAC) address IP address Netmask Gateway IP address DHCP enabled status You use the adapter names listed here when you configure a static IP address or when you set your gateway's default adapter.
   Configure DHCP routing	Enter the corresponding numeral to select Configure DHCP. You are prompted to configure the network interface to use DHCP.
   Configure a static IP address for your gateway	Enter the corresponding numeral to select Configure Static IP. You are prompted to enter the following information to configure a static IP: Network adapter name IP address Netmask Default gateway address Primary Domain Name Service (DNS) address Secondary DNS address Important If your gateway has already been activated, you must shut it down and restart it from the Storage Gateway console for the settings to take effect. For more information, see Shutting down your gateway VM. If your gateway uses more than one network interface, you must set all active interfaces to use DHCP or static IP addresses. For example, suppose that your gateway VM uses two interfaces configured as DHCP. If you later set one interface to a static IP, the other interface is deactivated. To activate the interface in this case, you must set it to a static IP. If both interfaces are initially set to use static IP addresses and you then set the gateway to use DHCP, both interfaces use DHCP.
   Configure a hostname for your gateway	Enter the corresponding numeral to select Configure Hostname. You are prompted to choose whether the gateway will use a static hostname that you specify, or aquire one automatically through DCHP or rDNS. Note If you configure a static hostname for your gateway, you must create an A record in your DNS system that points the gateway's IP address to its static hostname.
   View your gateway's hostname configuration	Enter the corresponding numeral to select View Hostname Configuration. Your gateway's hostname, aquisition mode, domain, and Active Directory realm are displayed.
   Reset all your gateway's network configuration to DHCP	Enter the corresponding numeral to select Reset all to DHCP. All network interfaces are set to use DHCP. Important If your gateway has already been activated, you must shut down and restart your gateway from the Storage Gateway console for the settings to take effect. For more information, see Shutting down your gateway VM.
   Set your gateway's default route adapter	Enter the corresponding numeral to select Set Default Adapter. The available adapters for your gateway are shown, and you are prompted to choose one of the adapters—for example, eth0.
   Edit your gateway's DNS configuration	Enter the corresponding numeral to select Edit DNS Configuration. The available adapters of the primary and secondary DNS servers are displayed. You are prompted to provide the new IP address.
   View your gateway's DNS configuration	Enter the corresponding numeral to select View DNS Configuration. The available adapters of the primary and secondary DNS servers are displayed. Note For some versions of the VMware hypervisor, you can edit the adapter configuration in this menu.
   View routing tables	Enter the corresponding numeral to select View Routes. The default route of your gateway is displayed.

Testing your gateway's network connectivity

You can use your gateway's local console to test your network connectivity. This test can be useful when you are troubleshooting network issues with your gateway.

To test your gateway's network connectivity

1. Log in to your gateway's local console:

   • For more information on logging in to the VMware ESXi local console, see Accessing the Gateway Local Console with VMware ESXi.

   • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V.

   • For more information on logging in to the KVM local console, see Accessing the Gateway Local Console with Linux KVM.

2. From the AWS Appliance Activation - Configuration main menu, enter the corresponding numeral to select Test Network Connectivity.

   If your gateway has already been activated, the connectivity test begins immediately. For gateways that have not yet been activated, you must specify the endpoint type and AWS Region as described in the following steps.

3. If your gateway is not yet activated, enter the corresponding numeral to select the endpoint type for your gateway.

4. If you selected the public endpoint type, enter the corresponding numeral to select the AWS Region that you want to test. For supported AWS Regions and a list of AWS service endpoints you can use with Storage Gateway, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.

As the test progresses, each endpoint displays either [PASSED] or [FAILED], indicating the status of the connection as follows:

Message	Description
[PASSED]	Storage Gateway has network connectivity.
[FAILED]	Storage Gateway does not have network connectivity.

Viewing your gateway system resource status

When your gateway starts, it checks its virtual CPU cores, root volume size, and RAM. It then determines whether these system resources are sufficient for your gateway to function properly. You can view the results of this check on the gateway's local console.

To view the status of a system resource check

1. Log in to your gateway's local console:

   • For more information on logging in to the VMware ESXi console, see Accessing the Gateway Local Console with VMware ESXi.

   • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V.

   • For more information on logging in to the KVM local console, see Accessing the Gateway Local Console with Linux KVM.

2. From the AWS Appliance Activation - Configuration main menu, enter the corresponding numeral to select View System Resource Check.

   Each resource displays [OK], [WARNING], or [FAIL], indicating the status of the resource as follows:

   Message	Description
   [OK]	The resource has passed the system resource check.
   [WARNING]	The resource doesn't meet the recommended requirements, but your gateway can continue to function. Storage Gateway displays a message that describes the results of the resource check.
   [FAIL]	The resource doesn't meet the minimum requirements. Your gateway might not function properly. Storage Gateway displays a message that describes the results of the resource check.

   The console also displays the number of errors and warnings next to the resource check menu option.

Configuring a Network Time Protocol (NTP) server for your gateway

You can view and edit Network Time Protocol (NTP) server configurations and synchronize the VM time on your gateway with your hypervisor host.

To manage system time

1. Log in to your gateway's local console:

   • For more information on logging in to the VMware ESXi local console, see Accessing the Gateway Local Console with VMware ESXi.

   • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V.

   • For more information on logging in to the KVM local console, see Accessing the Gateway Local Console with Linux KVM.

2. From the AWS Appliance Activation - Configuration main menu, enter the corresponding numeral to select System Time Management.

3. From the System Time Management menu, enter the corresponding numeral to perform one of the following tasks.

   To Perform This Task	Do This
   View and synchronize your VM time with NTP server time.	Enter the corresponding numeral to select View and Synchronize System Time. The current time of your VM is displayed. Your File Gateway determines the time difference from your gateway VM, and your NTP server time prompts you to synchronize the VM time with NTP time. After your gateway is deployed and running, in some scenarios the gateway VM's time can drift. For example, suppose that there is a prolonged network outage and your hypervisor host and gateway don't get time updates. In this case, the gateway VM's time is different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur. For a gateway deployed on VMware ESXi, setting the hypervisor host time and synchronizing the VM time to the host is sufficient to avoid time drift. For more information, see Synchronizing VM Time with Host Time. For a gateway deployed on Microsoft Hyper-V, you should periodically check your VM's time. For more information, see Synchronizing Your Gateway VM Time. For a gateway deployed on KVM, you can check and synchronize the VM time using virsh command line interface for KVM.
   Edit your NTP server configuration	Enter the corresponding numeral to select Edit NTP Configuration. You are prompted to provide a preferred and a secondary NTP server.
   View your NTP server configuration	Enter the corresponding numeral to select View NTP Configuration. Your NTP server configuration is displayed.

Running Storage Gateway commands on the local console

The VM local console in Storage Gateway helps provide a secure environment for configuring and diagnosing issues with your gateway. Using the local console commands, you can perform maintenance tasks such as saving routing tables, connecting to AWS Support, and so on.

To run a configuration or diagnostic command

1. Log in to your gateway's local console:

   • For more information on logging in to the VMware ESXi local console, see Accessing the Gateway Local Console with VMware ESXi.

   • For more information on logging in to the Microsoft Hyper-V local console, see Access the Gateway Local Console with Microsoft Hyper-V.

   • For more information on logging in to the KVM local console, see Accessing the Gateway Local Console with Linux KVM.

2. From the AWS Appliance Activation - Configuration main menu, enter the corresponding numeral to select Gateway Console.

3. From the gateway console command prompt, enter h.

   The console displays the AVAILABLE COMMANDS menu, which lists the available commands:

   Command	Function
   dig	Collect output from dig for DNS troubleshooting.
   exit	Return to Configuration menu.
   h	Display available command list.
   ifconfig	View or configure network interfaces. Note We recommend configuring network or IP settings using the Storage Gateway console or the dedicated local console menu option. For instructions, see Configuring your gateway network settings.
   ip	Show / manipulate routing, devices, and tunnels. Note We recommend configuring network or IP settings using the Storage Gateway console or the dedicated local console menu option. For instructions, see Configuring your gateway network settings.
   iptables	Administration tool for IPv4 packet filtering and NAT.
   ncport	Test connectivity to a specific TCP port on a network.
   nping	Collect output from nping for network troubleshooting.
   open-support-channel	Connect to AWS Support. For instructions on how to turn on AWS support access, see You want AWS Support to help troubleshoot your EC2 gateway.
   passwd	Update authentication tokens.
   save-iptables	Persist IP tables.
   save-routing-table	Save newly added routing table entry.
   tcptraceroute	Collect traceroute output on TCP traffic to a destination.
   sslcheck	Returns output with certificate issuer Note Storage Gateway uses certificate issuer verification for its working and doesn't support ssl inspection. If this command has an issuer other than aws-appliance@amazon.com, then it is likely that there is an appliance performing an ssl inspection. In that case, you can bypass ssl inspection for Storage Gateway Appliance.

4. From the gateway console command prompt, enter the corresponding command for the function you want to use, and follow the instructions.

To learn about a command, enter man + command name at the command prompt.