Creating a Gateway - AWS Storage Gateway

Creating a Gateway

In this section, you can find instructions about how to download, deploy, and activate a tape gateway.

Choosing a Gateway Type

For a tape gateway, you store and archive your data on virtual tapes in AWS. A tape gateway eliminates some of the challenges associated with owning and operating an on-premises physical tape infrastructure.

New console

To create a tape gateway

  1. Open the Amazon Web Services Management Console at https://console.aws.amazon.com/storagegateway/home, and choose Create gateway.

  2. On the Select gateway type page, choose Tape gateway, and then choose Next.

Original console

To create a tape gateway

  1. Open the Amazon Web Services Management Console at https://console.aws.amazon.com/storagegateway/home, and choose the AWS Region that you want to create your gateway in.

    If you have previously created a gateway in this AWS Region, the console shows your gateway. Otherwise, the console home page appears.

  2. If you haven't created a gateway in the AWS Region you selected, choose Get started. If you already have a gateway in the AWS Region you selected, choose Gateways from the navigation pane, and then choose Create gateway.

  3. On the Select gateway type page, choose Tape gateway, and then choose Next.

Choosing a Host Platform and Downloading the VM

If you create your gateway on-premises, you deploy the hardware appliance, or download and deploy a gateway VM, and then activate the gateway. If you create your gateway on an Amazon EC2 instance, you launch an Amazon Machine Image (AMI) that contains the gateway VM image and then activate the gateway. For information about supported host platforms, see Supported hypervisors and host requirements.

Note

You can run only file, cached volume, and tape gateways on an Amazon EC2 instance.

To choose a host platform and download the VM

  1. For Select host platform, choose the virtualization platform that you want to run your gateway on.

  2. Do one of the following:

    • If you choose the hardware appliance, activate it by following the instructions in Activating your hardware appliance.

    • If you choose one of the other options, choose Download image next to your virtualization platform to download a .zip file that contains the .ova file for your virtualization platform.

      Note

      The .zip file is over 500 MB in size and might take some time to download, depending on your network connection.

      For Amazon EC2, you create an instance from the provided AMI.

  3. If you choose a hypervisor option, deploy the downloaded image to your hypervisor. Add at least one local disk for your cache and one local disk for your upload buffer during the deployment. A file gateway requires only one local disk for a cache. For information about local disk requirements, see Hardware and storage requirements.

    Depending on your hypervisor, set certain options:

    • If you choose VMware, do the following:

      • Store your disk using the Thick provisioned format option. When you use thick provisioning, the disk storage is allocated immediately, resulting in better performance. In contrast, thin provisioning allocates storage on demand. On-demand allocation can affect the normal functioning of Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in thick-provisioned format.

      • Configure your gateway VM to use paravirtualized disk controllers. For more information, see Configuring the AWS Storage Gateway VM to Use Paravirtualized Disk Controllers.

    • If you choose Microsoft Hyper-V, do the following:

      • Configure the disk type using the Fixed size option. When you use fixed-size provisioning, the disk storage is allocated immediately, resulting in better performance. If you don't use fixed-size provisioning, the storage is allocated on demand. On-demand allocation can affect the functioning of Storage Gateway. For Storage Gateway to function properly, the VM disks must be stored in fixed-size provisioned format.

      • When allocating disks, choose the virtual hard disk (.vhd) file type. Storage Gateway supports the .vhdx file type. By using this file type, you can create larger virtual disks than with other file types. If you create a .vhdx type virtual disk, make sure that the size of the virtual disks that you create doesn't exceed the recommended disk size for your gateway.

    • If you choose Linux Kernel-based Virtual Machine (KVM), do the following:

      • Don't configure your disk to use sparse formatting. When you use fixed-size (nonsparse) provisioning, the disk storage is allocated immediately, resulting in better performance.

      • Use the parameter sparse=false to store your disk in nonsparse format when creating new virtual disks in the VM with the virt-install command for provisioning new virtual machines.

      • Use virtio drivers for disk and network devices.

      • We recommend that you don't set the current_memory option. If necessary, set it equal to the RAM provisioned to the gateway in the --ram parameter.

      Following is an example virt-install command for installing KVM.

      virt-install --name "SGW_KVM" --description "SGW KVM" --os-type=generic --ram=32768 --vcpus=16 --disk path=fgw-kvm.qcow2,bus=virtio,size=80,sparse=false --disk path=fgw-kvm-cache.qcow2,bus=virtio,size=1024,sparse=false --network default,model=virtio --graphics none --import

Note

For VMware, Microsoft Hyper-V, and KVM, synchronizing the VM time with the host time is required for successful gateway activation. Make sure that your host clock is set to the correct time and synchronize it with a Network Time Protocol (NTP) server.

For information about deploying your gateway to an Amazon EC2 host, see Deploy your gateway to an Amazon EC2 host.
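
A pre-deployment check for the KVM settings listed in step 3, as an added example that is not part of the AWS documentation: it parses a virt-install command line and reports any disk without sparse=false or bus=virtio, a network model other than virtio, and a current_memory value that differs from the RAM. The function names, the `--memory` alias for `--ram`, the `currentMemory` and `sparse=no` spellings, and the second (constructed) command are assumptions made for the example.

```python
import shlex


def _options(command):
    """Yield (option, value) pairs; accepts '--opt value' and '--opt=value'."""
    tokens = shlex.split(command)
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("--"):
            if "=" in tok:
                name, value = tok.split("=", 1)
            elif i + 1 < len(tokens) and not tokens[i + 1].startswith("--"):
                name, value = tok, tokens[i + 1]
                i += 1
            else:
                name, value = tok, ""
            yield name, value
        i += 1


def _subopts(value):
    """Split 'path=a.qcow2,bus=virtio' into (positional parts, key/value dict)."""
    positional, named = [], {}
    for part in filter(None, (p.strip() for p in value.split(","))):
        key, sep, val = part.partition("=")
        if sep:
            named[key] = val
        else:
            positional.append(part)
    return positional, named


def lint_virt_install(command):
    """Return a list of findings; an empty list means every check passed."""
    findings, ram, current, disk_no = [], None, None, 0
    for name, value in _options(command):
        positional, named = _subopts(value)
        if name == "--disk":
            disk_no += 1
            label = named.get("path", f"disk #{disk_no}")
            # The page uses sparse=false; 'no' is accepted as an assumed synonym.
            if named.get("sparse", "").lower() not in ("false", "no"):
                findings.append(f"{label}: sparse=false is not set")
            if named.get("bus") != "virtio":
                findings.append(f"{label}: disk bus is not virtio")
        elif name == "--network" and named.get("model") != "virtio":
            findings.append("network: model is not virtio")
        elif name in ("--ram", "--memory"):
            ram = named.get("memory") or (positional[0] if positional else None)
            # Assumed spellings of the option the page calls current_memory.
            current = named.get("current_memory") or named.get("currentMemory")
    if current is not None and current != ram:
        findings.append(f"current_memory={current} differs from RAM {ram}")
    return findings


# The example command shown on this page.
PAGE_COMMAND = (
    'virt-install --name "SGW_KVM" --description "SGW KVM" --os-type=generic '
    "--ram=32768 --vcpus=16 "
    "--disk path=fgw-kvm.qcow2,bus=virtio,size=80,sparse=false "
    "--disk path=fgw-kvm-cache.qcow2,bus=virtio,size=1024,sparse=false "
    "--network default,model=virtio --graphics none --import"
)
# Constructed counter-example: sparse cache disk on a non-virtio bus,
# non-virtio NIC, and current_memory below the provisioned RAM.
BAD_COMMAND = (
    "virt-install --name demo --ram=32768,current_memory=16384 "
    "--disk path=root.qcow2,bus=virtio,size=80,sparse=false "
    "--disk path=cache.qcow2,bus=ide,size=1024 "
    "--network default,model=e1000 --import"
)

if __name__ == "__main__":
    for cmd in (PAGE_COMMAND, BAD_COMMAND):
        print(lint_virt_install(cmd) or "OK")
```
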

Choosing a Service Endpoint

You can activate your gateway using one of the following:

  • A public service endpoint, with your gateway communicating with AWS storage services over the public internet.

  • A Federal Information Processing Standards (FIPS) compliant public service endpoint, with your gateway communicating with AWS storage services over the public internet.

  • A public service endpoint, with your gateway communicating with AWS storage services through a virtual private cloud (VPC) endpoint, which is private.

Note

If you use a VPC endpoint, all VPC endpoint communication from your gateway to AWS services occurs through the public service endpoint using your VPC in AWS.

New Console

To choose a service endpoint

  1. For Select service endpoint, choose one of the following:

    • To have your gateway access AWS services over the public internet using a public service endpoint, choose Public.

    • To have your gateway access AWS services over the public internet using a public service endpoint that complies with FIPS, choose FIPS.

      If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see Federal Information Processing Standard (FIPS) 140-2.

    • To have your gateway access AWS services over a private VPC endpoint connection using a public service endpoint, choose VPC.

    Note

    The FIPS service endpoint is only available in some AWS Regions. For more information, see Storage Gateway endpoints and quotas in the AWS General Reference.

    This procedure assumes that you are activating your gateway with a public endpoint. For information about how to activate a gateway using a VPC endpoint, see Activating a gateway in a virtual private cloud.

  2. Choose Next to connect and activate your gateway.

Original Console

To choose a service endpoint

  1. For Endpoint type, choose one of the following:

    • To have your gateway access AWS services over the public internet using a public service endpoint, choose Public.

    • To have your gateway access AWS services over the public internet using a public service endpoint that complies with FIPS, choose FIPS.

      If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see Federal Information Processing Standard (FIPS) 140-2.

    • To have your gateway access AWS services over a private VPC endpoint connection using a public service endpoint, choose VPC.

    Note

    The FIPS service endpoint is only available in some AWS Regions. For more information, see Storage Gateway endpoints and quotas in the AWS General Reference.

    This procedure assumes that you are activating your gateway with a public endpoint. For information about how to activate a gateway using a VPC endpoint, see Activating a gateway in a virtual private cloud.

  2. Choose Next to connect and activate your gateway.

Connecting to Your Gateway

To connect to your gateway, first get the IP address or activation key of your gateway VM. You use the IP address or activation key to activate your gateway. For gateways deployed and activated on an on-premises host, you can get the IP address or activation key from your gateway VM local console or your hypervisor client. For gateways deployed and activated on an Amazon EC2 instance, you can get the IP address or activation key from the Amazon EC2 console.

The activation process associates your gateway with your AWS account. Your gateway VM must be running for activation to succeed.

Note

Make sure that you select the correct gateway type. The .ova files and Amazon Machine Images (AMIs) for the gateway types are different and are not interchangeable.

To get the IP address or activation key for your gateway VM from the local console

  1. Log on to your gateway VM local console. For detailed instructions, see the following:

  2. Get the IP address from the top of the menu page, and note it for later use.

To get the IP address or activation key from an EC2 instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances, and then choose the EC2 instance.

  3. Choose the Details tab at the bottom, and then note the IP address or activation key. You use one of these to activate the gateway.

Note

For activation with an IP address, you can use the public or private IP address assigned to a gateway. You must be able to reach the IP address that you use from the browser from which you perform the activation.

New Console

To associate your gateway with your AWS account

  1. For Connect to gateway, choose one of the following:

    • IP address

    • Activation key

  2. Enter the IP address or activation key of your gateway, and then choose Next.

Original Console

To associate your gateway with your AWS account

  1. If the Connect to gateway page isn't already open, open the console and navigate to that page.

  2. Type the IP address of your gateway for IP address, and then choose Connect gateway.

For detailed information about how to get a gateway IP address, see Connecting to Your Gateway.

Activating Your Gateway

The activation page shows the following gateway settings that you selected. The activation page appears after you associate your gateway with your Amazon Web Services account, as described in the preceding section.

  • Gateway type specifies the type of gateway that you are activating.

  • Endpoint type specifies the type of endpoint that you selected for your gateway.

  • AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be the same as the Region where your VPC endpoint is located.

New Console

To activate your gateway

  1. In Activate gateway, do the following:

    • For Gateway time zone, select a time zone to use for your gateway.

    • For Gateway name, enter a name to identify your gateway. You use this name to manage your gateway in the console; you can change it after the gateway is activated. This name must be unique to your account.

      Note

      The gateway name must be between 2 and 255 characters in length.

    • For Backup application, select the backup application you want to use. Storage Gateway automatically chooses a compatible medium changer for your backup application. If your backup application is not listed, choose Other and choose a medium changer type. Medium changer type specifies the type of medium changer to use for your backup application. For a list of available backup applications, see Backup applications.

      The type of medium changer you choose depends on the backup application you plan to use. The following table lists third-party backup applications that have been tested and found to be compatible with tape gateways. This table includes the medium changer type recommended for each backup application.

      Tape drive type specifies the type of tape drive used by this gateway.

  2. (Optional) For Add tags, enter a key and value to add tags to your gateway. A tag is a case-sensitive key-value pair that helps you manage, filter, and search for your gateway.

  3. Choose Activate gateway.

Original Console

To configure your gateway settings

  1. Locate the gateway type, endpoint type, and AWS Region that you selected, which are shown on the activation page.

  2. Enter the information listed on the activation page to configure your gateway settings and complete the activation process.

    The following screenshot shows the activation page for tape gateways.

    • AWS Region specifies the AWS Region where your gateway will be activated and where your data will be stored. If Endpoint type is VPC, the AWS Region should be the same as the AWS Region where your VPC endpoint is located.

    • Gateway time zone specifies the time zone to use for your gateway.

    • Gateway name identifies your gateway. You use this name to manage your gateway in the console; you can change it after the gateway is activated. This name must be unique to your account.

    • Backup application specifies the backup application you want to use. Storage Gateway automatically chooses a compatible medium changer for your backup application. If your backup application is not listed, choose Other and choose a medium changer type. Medium changer type specifies the type of medium changer to use for your backup application. For a list of available backup applications, see Backup applications.

    • Tape drive type specifies the type of tape drive used by this gateway.

  3. (Optional) In the Add tags section, enter a key and value to add tags to your gateway. A tag is a case-sensitive key-value pair that helps you manage, filter, and search for your gateway.

  4. Choose Activate gateway.

    When the gateway is successfully activated, the Storage Gateway console displays the Configure local storage page.

    If activation fails, see Troubleshooting your gateway for possible solutions.

If activation isn't successful, see Troubleshooting your gateway for possible solutions.

Backup applications

The type of medium changer you choose depends on the backup application you plan to use. The following table lists third-party backup applications that have been tested and found to be compatible with tape gateways. This table includes the medium changer type recommended for each backup application.

| Backup Application | Medium Changer Type |
|---|---|
| Arcserve Backup | AWS-Gateway-VTL |
| Bacula Enterprise V10.x | AWS-Gateway-VTL or STK-L700 |
| Commvault V11 | STK-L700 |
| Dell EMC NetWorker V8.x or V9.x | AWS-Gateway-VTL |
| IBM Spectrum Protect v8.1.10 | IBM-03584L32-0402 |
| Micro Focus (HPE) Data Protector 9.x | AWS-Gateway-VTL |
| Microsoft System Center 2012 R2 or 2016 Data Protection Manager | STK-L700 |
| NovaStor DataCenter/Network 6.4 or 7.1 | STK-L700 |
| Quest NetVault Backup 12.4 or 13.x | STK-L700 |
| Veeam Backup & Replication V7 or V8 | STK-L700 |
| Veeam Backup & Replication V9 Update 2 or later | AWS-Gateway-VTL |
| Veritas Backup Exec 2014 or 15 or 16 or 20.x | AWS-Gateway-VTL |
| Veritas Backup Exec 2012 (Note: Veritas has ended support for Backup Exec 2012.) | STK-L700 |
| Veritas NetBackup Version 7.x or 8.x | AWS-Gateway-VTL |

Important

We highly recommend that you choose the medium changer that's listed for your backup application. Other medium changers might not function properly. You can choose a different medium changer after the gateway is activated. For more information, see Selecting a Medium Changer After Gateway Activation.

Configuring Local Disks

When you deployed the VM, you allocated local disks for your gateway. Now you configure your gateway to use these disks.

Note

If you allocate local disks on a VMware host, make sure to configure the disks to use paravirtualized disk controllers.

When adding a cache or upload buffer to an existing gateway, make sure to create new disks in your host (hypervisor or Amazon EC2 instance). Don't change the size of existing disks if the disks have been previously allocated as either a cache or upload buffer.

To configure local disks

  1. For Configure local disks, identify the disks you allocated and decide which ones you want to use for an upload buffer and cached storage. For information about disk size quotas, see Recommended local disk sizes for your gateway.

  2. For Allocated to, choose Upload buffer for the disk you want to configure as upload buffer.

  3. Choose Cache for the disk you want to configure as cache storage.

    If you don't see your disks, choose Refresh.

  4. Choose Save and continue to save your configuration settings.

Configuring Amazon CloudWatch Logging

To notify you about the health of your tape gateway and its resources, you can configure an Amazon CloudWatch log group. For more information, see Getting Tape Gateway Health Logs with CloudWatch Log Groups.

New Console

To configure a CloudWatch log group for your tape gateway

  1. For Configure logging - optional, choose one of the following:

    • Disable logging if you don't want to monitor your gateway using CloudWatch log groups.

    • Create a new log group to create a new CloudWatch log group.

    • Use an existing log group to use a CloudWatch log group that already exists.

      Choose a log group from the Existing log group list.

  2. Choose Save and continue to save your configuration settings.

Original Console

To configure a CloudWatch log group for your tape gateway

  1. In the Gateway Log Group wizard, choose the Create new Log Group link to create a new log group. You are directed to the CloudWatch console to create one. If you already have a CloudWatch log group that you want to use to monitor your gateway, choose that group for Gateway Log Group.

  2. If you create a new log group, choose the refresh button to view the new log group in the list.

  3. If your gateway is deployed on a VMware host that is enabled for VMware High Availability (HA) cluster, you're prompted to verify and test the VMware HA configuration. In this case, choose Verify VMware HA. Otherwise, choose Save and Continue.

Verifying VMware High Availability (VMware HA Clusters Only)

If your gateway is not deployed on a VMware host that is enabled for VMware High Availability (HA), you can skip this section.

If your gateway is deployed on a VMware host that is enabled for VMware High Availability (HA) cluster, you can either test the configuration when activating the gateway or after your gateway is activated. The following instructions show you how to test the configuration during activation.

New Console

To test for VMware HA

  1. For Verify VMware High Availability configuration, choose Next. Verification can take up to two minutes to complete.

    If the test is successful, a message that indicates a successful test is displayed in the banner. If the test fails, a failed message is displayed. You can make changes in your vSphere configuration and repeat the test.

  2. To repeat the test, on the Gateways dashboard, choose your gateway, and then for Actions, choose Verify VMware High Availability.

Original Console

To test for VMware HA

  1. On the Verify VMware High Availability Configuration page, choose Verify VMware HA. This can take up to two minutes to complete.

  2. If the test is successful, a message that indicates a successful test is displayed in the banner. If the test fails, a failed message is displayed. You can make changes in your vSphere configuration and repeat the test.

  3. To repeat the test, for Actions choose Verify VMware HA.

For information about how to configure your gateway for VMware HA, see Using VMware vSphere High Availability with Storage Gateway.

Next Step

Creating Tapes