Choosing a gateway type Choosing a host platform Choosing a service endpoint Connecting to your gateway Activating the gateway Configuring local disks Configuring Amazon CloudWatch logging Verifying VMware High Availability (VMware HA clusters only)

Creating a gateway

Note

The documentation for the file gateway that supports a file interface into Amazon Simple Storage Service has moved to What is Amazon S3 File Gateway?.

In this section, you can find instructions about how to create, deploy, and activate a file gateway.

Topics

Choosing a gateway type
Choosing a host platform and downloading the VM
Choosing a service endpoint
Connecting to the gateway
Activating the gateway
Configuring local disks
Configuring Amazon CloudWatch logging
Verifying VMware High Availability (VMware HA clusters only)

Note

A new console interface is available for gateway creation. Choose either the New Console or the Original Console instructions based on the console that you are using.

Choosing a gateway type

With a file gateway, you store and retrieve objects in Amazon S3 with a local cache for low latency access to your most recently used data.

To choose a gateway type

Open the AWS Management Console at https://console.aws.amazon.com/storagegateway/home/, and choose the AWS Region that you want to create your gateway in.

If you have previously created a gateway in this AWS Region, the console shows your gateway. Otherwise, the service homepage appears.
If you haven't created a gateway in the AWS Region that you chose, choose Get started. If you already have a gateway in the AWS Region that you chose, choose Gateways from the navigation pane, and then choose Create gateway.
For Select gateway type, choose File gateway, and then choose Next.

Choosing a host platform and downloading the VM

If you create your gateway on-premises, you deploy the hardware appliance, or download and deploy a gateway VM, and then activate the gateway. If you create your gateway on an Amazon EC2 instance, you launch an Amazon Machine Image (AMI) that contains the gateway VM image and then activate the gateway. For information about supported host platforms, see Supported hypervisors and host requirements.

Note

You can run only file, cached volume, and tape gateways on an Amazon EC2 instance.

To choose a host platform and download the VM

For Select host platform, choose the virtualization platform that you want to run your gateway on.
Do one of the following:
- If you choose the hardware appliance, activate it by following the instructions in Activating your hardware appliance.
- If you choose one of the other options, choose Download image next to your virtualization platform to download a .zip file that contains the .ova file for your virtualization platform.
  
  Note
  
  The .zip file is over 500 MB in size and might take some time to download, depending on your network connection.
  
  For Amazon EC2, you create an instance from the provided AMI.
If you choose a hypervisor option, deploy the downloaded image to your hypervisor. Add at least one local disk for your cache and one local disk for your upload buffer during the deployment. A file gateway requires only one local disk for a cache. For information about local disk requirements, see Hardware and storage requirements.

Depending your hypervisor, set certain options:
- If you choose VMware, do the following:
  - Store your disk using the Thick provisioned format option. When you use thick provisioning, the disk storage is allocated immediately, resulting in better performance. In contrast, thin provisioning allocates storage on demand. On-demand allocation can affect the normal functioning of AWS Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick-provisioned format.
  - Configure your gateway VM to use paravirtualized disk controllers. For more information, see Configuring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers.
- If you choose Microsoft Hyper-V, do the following:
  - Configure the disk type using the Fixed size option. When you use fixed-size provisioning, the disk storage is allocated immediately, resulting in better performance. If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.
  - When allocating disks, choose virtual hard disk (.vhd) file. Storage Gateway supports the .vhdx file type. By using this file type, you can create larger virtual disks than with other file types. If you create a .vhdx type virtual disk, make sure that the size of the virtual disks that you create doesn't exceed the recommended disk size for your gateway.
- If you choose Linux Kernel-bases Virtual Machine (KVM), do the following:
  - Don't configure your disk to use sparse formatting. When you use fixed-size (nonsparse) provisioning, the disk storage is allocated immediately, resulting in better performance.
  - Use the parameter sparse=false to store your disk in nonsparse format when creating new virtual disks in the VM with the virt-install command for provisioning new virtual machines.
  - Use virtio drivers for disk and network devices.
  - We recommend that you don't set the current_memory option. If necessary, set it equal to the RAM provisioned to the gateway in the --ram parameter.
  Following is an example virt-install command for installing KVM.
```
virt-install --name "SGW_KVM" --description "SGW KVM" --os-type=generic --ram=32768 --vcpus=16 --disk path=fgw-kvm.qcow2,bus=virtio,size=80,sparse=false --disk path=fgw-kvm-cache.qcow2,bus=virtio,size=1024,sparse=false --network default,model=virtio --graphics none --import
```

Note

For VMware, Microsoft Hyper-V, and KVM, synchronizing the VM time with the host time is required for successful gateway activation. Make sure that your host clock is set to the correct time and synchronize it with a Network Time Protocol (NTP) server.

For information about deploying your gateway to an Amazon EC2 host, see Deploying a file gateway on an Amazon EC2 host.

Choosing a service endpoint

You can activate your gateway using:

A public service endpoint and have your gateway communicate with AWS storage services over the public internet.
A Federal Information Processing Standards (FIPS) compliant public service endpoint and have your gateway communicate with AWS storage services over the public internet.
A public service endpoint and have your gateway communicate with AWS storage services using a virtual private cloud (VPC) endpoint, which is private.

Note

If you use a VPC endpoint, all VPC endpoint communication from your gateway to AWS services occurs through the public service endpoint using your VPC in AWS.

New Console

To choose a service endpoint

For Select service endpoint, choose one of the following:
- To have your gateway access AWS services over the public internet using a public service endpoint, choose Public.
- To have your gateway access AWS services over the public internet using a public service endpoint that complies with FIPS, choose FIPS.
  
  If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see Federal Information Processing Standard (FIPS) 140-2.
- To have your gateway access AWS services over a private VPC endpoint connection using a public service endpoint, choose VPC.
Note

The FIPS service endpoint is only available in some AWS Regions. For more information, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.

This procedure assumes that you are activating your gateway with a public endpoint. For information about how to activate a gateway using a VPC endpoint, see Activating a gateway in a virtual private cloud.
Choose Next to connect and activate your gateway.

Original Console

To choose a service endpoint

For Endpoint type, choose one of the following:
- To have your gateway access AWS services over the public internet using a public service endpoint, choose Public.
- To have your gateway access AWS services over the public internet using a public service endpoint that complies with FIPS, choose FIPS.
  
  If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see Federal Information Processing Standard (FIPS) 140-2.
- To have your gateway access AWS services over a private VPC endpoint connection using a public service endpoint, choose VPC.
Note

The FIPS service endpoint is only available in some AWS Regions. For more information, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.

This procedure assumes that you are activating your gateway with a public endpoint. For information about how to activate a gateway using a VPC endpoint, see Activating a gateway in a virtual private cloud.
Choose Next to connect and activate your gateway.

Connecting to the gateway

To connect to your gateway, first get the IP address or activation key of your gateway VM. You use the IP address or activation key to activate your gateway. For gateways deployed and activated on an on-premises host, you can get the IP address or activation key from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address or activation key from the Amazon EC2 console.

The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.

Note

Make sure that you select the correct gateway type. The .ova files and Amazon Machine Images (AMIs) for the gateway types are different and are not interchangeable.

To get the IP address or activation key for your gateway VM from the local console

Log on to your gateway VM local console. For detailed instructions, see the following:
- VMware ESXi – Accessing the Gateway Local Console with VMware ESXi.
- Microsoft Hyper-V – Access the Gateway Local Console with Microsoft Hyper-V.
- Linux KVM – Accessing the Gateway Local Console with Linux KVM.
Get the IP address from the top of the menu page, and note it for later use.

To get the IP address or activation key from an EC2 instance

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation pane, choose Instances, and then choose the EC2 instance.
Choose the Details tab at the bottom, and then note the IP address or activation key. You use one of these to activate the gateway.

Note

For activation with an IP address, you can use the public or private IP address assigned to a gateway. You must be able to reach the IP address that you use from the browser from which you perform the activation.

New Console

To associate your gateway with your AWS account

For Connect to gateway, choose one of the following:
- IP address
- Activation key
Enter the IP address or activation key of your gateway, and then choose Next.

Original Console

To associate your gateway with your AWS account

If the Connect to gateway page isn't already open, open the console and navigate to that page.
Type the IP address of your gateway for IP address, and then choose Connect gateway.

For detailed information about how to get a gateway IP address, see Connecting to Your Gateway.

Activating the gateway

The following, shown on the activation page, are the gateway settings that you selected. The activation page appears after you associate your gateway with your AWS account, as described preceding.

Gateway type specifies the type of gateway that you are activating.
Endpoint type specifies the type of endpoint that you selected for your gateway.
AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be same as the Region where your VPC endpoint is located.

New console

To activate your gateway

In Activate gateway, do the following:
- For Gateway time zone, select a time zone to use for your gateway.
- For Gateway name, enter a name to identify your gateway. You use this name to manage your gateway in the console; you can change it after the gateway is activated. This name must be unique to your account.
  
  Note
  
  The gateway name must be between 2 and 255 characters in length.
(Optional) For Add tags, enter a key and value to add tags to your gateway. A tag is a case-sensitive key-value pair that helps you manage, filter, and search for your gateway.
Choose Activate gateway.

Original console

To activate your gateway

To complete the activation process, provide information on the activation page to configure your gateway setting:
- Gateway time zone specifies the time zone to use for your gateway.
- Gateway name identifies your gateway. You use this name to manage your gateway in the console; you can change it after the gateway is activated. This name must be unique to your account.
(Optional) In the Add tags section, enter a key and value to add tags to your gateway. A tag is a case-sensitive key-value pair that helps you manage, filter, and search for your gateway.
Choose Activate gateway.

If activation isn't successful, see Troubleshooting your gateway for possible solutions.

Configuring local disks

When you deployed the VM, you allocated local disks for your gateway. Now you configure your gateway to use these disks. For information about using ephemeral storage, see Using ephemeral storage with EC2 gateways.

To configure local disks

For Configure local disks, identify the disks that you added and decide which ones to allocate for cached storage. For information about disk size limits, see Recommended local disk sizes for your gateway.
For Allocated to, choose Cache for the disk that you want to configure as cache storage.

If you don't see your disks, choose Refresh.
Choose Save and continue to save your configuration settings.

Configuring Amazon CloudWatch logging

To notify you about the health of your file gateway and its resources, you can configure an Amazon CloudWatch log group. For more information, see Getting file gateway health logs with CloudWatch Log Groups.

New Console

To configure a CloudWatch log group for your file gateway

For Configure logging - optional, choose one of the following:
- Disable logging if you don't want to monitor your gateway using CloudWatch log groups.
- Create a new log group to create a new CloudWatch log group.
- Use an existing log group to use a CloudWatch log group that already exists.
  
  Choose a log group from the Existing log group list.
Choose Save and continue to save your configuration settings.

Original Console

To configure a CloudWatch log group for your file gateway

In the Gateway Log Group wizard, choose the Create new Log Group link to create a new log group. You are directed to the CloudWatch console to create one. If you already have a CloudWatch log group that you want to use to monitor your gateway, choose that group for Gateway Log Group.
If you create a new log group, choose the refresh button to view the new log group in the list.
If your gateway is deployed on a VMware host that is enabled for VMware High Availability (HA) cluster, you're prompted to verify and test the VMware HA configuration. In this case, choose Verify VMware HA. Otherwise, choose Save and Continue.

Verifying VMware High Availability (VMware HA clusters only)

If your gateway is not deployed on a VMware host that is enabled for VMware High Availability (HA), you can skip this section.

If your gateway is deployed on a VMware host that is enabled for VMware High Availability (HA) cluster, you can either test the configuration when activating the gateway or after your gateway is activated. The following instructions show you how to test the configuration during activation.

New Console

To test for VMware HA

For Verify VMware High Availability configuration, choose Next. Verification can take up to two minutes to complete.

If the test is successful, a message that indicates a successful test is displayed in the banner. If the test fails, a failed message is displayed. You can make changes in your vSphere configuration and repeat the test.
To repeat the test, on the Gateways dashboard, choose your gateway, and then for Actions, choose Verify VMware High Availability.

Original Console

To test for VMware HA

On the Verify VMware High Availability Configuration page, choose Verify VMware HA. This can take up to two minutes to complete.
If the test is successful, a message that indicates a successful test is displayed in the banner. If the test fails, a failed message is displayed. You can make changes in your vSphere configuration and repeat the test.
To repeat the test, for Actions choose Verify VMware HA.

For information about how to configure your gateway for VMware HA, see Using VMware vSphere High Availability with AWS Storage Gateway.

Next Step

Creating a file share

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Creating a file gateway

Creating a file share