AWS Storage Gateway
User Guide (API Version 2013-06-30)

Performing Tasks on the VM Local Console (File Gateway)

For a file gateway deployed on-premises, you can perform the following maintenance tasks using the VM host's local console. These tasks are common to VMware and Microsoft Hyper-V hypervisors.

Logging In to the File Gateway Local Console

When the VM is ready for you to log in, the login screen is displayed. If this is your first time logging in to the local console, you use the default user name and password to log in. These default login credentials give you access to menus where you can configure gateway network settings and change the password from the local console. AWS Storage Gateway enables you to set your own password from the Storage Gateway console instead of changing the password from the local console. You don't need to know the default password to set a new password. For more information, see Setting the Local Console Password from the Storage Gateway Console.

To log in to the gateway's local console

  • If this is your first time logging in to the local console, log in to the VM with the default credentials. The default user name is admin and the password is password. Otherwise, use your credentials to log in.

    Note

    We recommend changing the default password. You do this by running the passwd command from the local console menu (item 6 on the main menu). For information about how to run the command, see Running Storage Gateway Commands on the Local Console. You can also set the password from the Storage Gateway console. For more information, see Setting the Local Console Password from the Storage Gateway Console.

Setting the Local Console Password from the Storage Gateway Console

When you log in to the local console for the first time, you log in to the VM with the default credentials. For all types of gateways, you use default credentials. For volume and tape gateways, the user name is sguser and the password is sgpassword. For file gateways, the user name is admin and the password is password.

We recommend that you always set a new password immediately after you create your new gateway. You can set this password from the AWS Storage Gateway console rather than the local console if you want. You don't need to know the default password to set a new password.

To set the local console password on the Storage Gateway console

  1. Open the AWS Storage Gateway console at https://console.aws.amazon.com/storagegateway/home.

  2. On the navigation pane, choose Gateways, and then choose the gateway for which you want to set a new password.

  3. For Actions, choose Set Local Console Password.

  4. In the Set Local Console Password dialog box, enter a new password, confirm the password, and then choose Save.

    Your new password replaces the default password. AWS Storage Gateway doesn't save the password but rather safely transmits it to the VM.

    Note

    The password can consist of any character on the keyboard and can be 1–512 characters long.

Configuring an HTTP Proxy

File gateways support configuration of an HTTP proxy.

Note

The only proxy configuration that file gateways support is HTTP.

If your gateway must use a proxy server to communicate to the internet, then you need to configure the HTTP proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, AWS Storage Gateway routes all HTTP traffic through your proxy server. For information about network requirements for your gateway, see Network and Firewall Requirements.

To configure an HTTP proxy for a file gateway

  1. Log in to your gateway's local console:

  2. On the AWS Appliance Activation - Configuration main menu, enter 1 to begin configuring the HTTP proxy.

  3. On the HTTP Proxy Configuration menu, enter 1 and provide the host name for the HTTP proxy server.

    You can configure other HTTP settings from this menu as shown following.

    To Do This
    Configure an HTTP proxy

    Enter 1.

    You need to supply a host name and port to complete configuration.

    View the current HTTP proxy configuration

    Enter 2.

    If an HTTP proxy is not configured, the message HTTP Proxy not configured is displayed. If an HTTP proxy is configured, the host name and port of the proxy are displayed.

    Remove an HTTP proxy configuration

    Enter 3.

    The message HTTP Proxy Configuration Removed is displayed.

  4. Restart your VM to apply your HTTP configuration settings.

Configuring Your Gateway Network Settings

The default network configuration for the gateway is Dynamic Host Configuration Protocol (DHCP). With DHCP, your gateway is automatically assigned an IP address. In some cases, you might need to manually assign your gateway's IP as a static IP address, as described following.

To configure your gateway to use static IP addresses

  1. Log in to your gateway's local console:

  2. On the AWS Appliance Activation - Configuration main menu, enter 2 to begin configuring your network.

  3. On the Network Configuration menu, choose one of the following options.

    To Do This
    Get information about your network adapter

    Enter 1.

    A list of adapter names appears, and you are prompted to enter an adapter name—for example, eth0. If the adapter you specify is in use, the following information about the adapter is displayed:

    • Media access control (MAC) address

    • IP address

    • Netmask

    • Gateway IP address

    • DHCP enabled status

    You use the same adapter name when you configure a static IP address (option 3) as when you set your gateway's default route adapter (option 5).

    Configure DHCP

    Enter 2.

    You are prompted to configure the network interface to use DHCP.

    Configure a static IP address for your gateway

    Enter 3.

    You are prompted to enter the following information to configure a static IP:

    • Network adapter name

    • IP address

    • Netmask

    • Default gateway address

    • Primary Domain Name Service (DNS) address

    • Secondary DNS address

    Important

    If your gateway has already been activated, you must shut it down and restart it from the Storage Gateway console for the settings to take effect. For more information, see Shutting Down Your Gateway VM.

    If your gateway uses more than one network interface, you must set all enabled interfaces to use DHCP or static IP addresses.

    For example, suppose that your gateway VM uses two interfaces configured as DHCP. If you later set one interface to a static IP, the other interface is disabled. To enable the interface in this case, you must set it to a static IP.

    If both interfaces are initially set to use static IP addresses and you then set the gateway to use DHCP, both interfaces use DHCP.

    Reset all your gateway's network configuration to DHCP

    Enter 4.

    All network interfaces are set to use DHCP.

    Important

    If your gateway has already been activated, you must shut down and restart your gateway from the AWS Storage Gateway console for the settings to take effect. For more information, see Shutting Down Your Gateway VM.

    Set your gateway's default route adapter

    Enter 5.

    The available adapters for your gateway are shown, and you are prompted to choose one of the adapters—for example, eth0.

    Edit your gateway's DNS configuration

    Enter 6.

    The available adapters of the primary and secondary DNS servers are displayed. You are prompted to provide the new IP address.

    View your gateway's DNS configuration

    Enter 7.

    The available adapters of the primary and secondary DNS servers are displayed.

    Note

    For some versions of the VMware hypervisor, you can edit the adapter configuration in this menu.

    View routing tables

    Enter 8.

    The default route of your gateway is displayed.

Testing Your Gateway Connection to the Internet

You can use your gateway's local console to test your internet connection. This test can be useful when you are troubleshooting network issues with your gateway.

To test your gateway's connection to the internet

  1. Log in to your gateway's local console:

  2. On the AWS Appliance Activation - Configuration main menu, enter 3 to begin testing network connectivity.

  3. Choose option 1 for Storage Gateway.

    The console displays the available AWS Regions for Storage Gateway.

  4. Choose the AWS Region that you want to test. Following are the available AWS Regions for gateways deployed on-premises.

    AWS Region Name AWS Region String File Gateway Volume Gateway Tape Gateway
    US East (Ohio) us-east-2

    yes

    yes

    yes

    US East (N. Virginia) us-east-1

    yes

    yes

    yes

    US West (N. California) us-west-1

    yes

    yes

    yes

    US West (Oregon) us-west-2

    yes

    yes

    yes

    Canada (Central) ca-central-1

    yes

    yes

    yes

    EU (Ireland) eu-west-1

    yes

    yes

    yes

    EU (Frankfurt) eu-central-1

    yes

    yes

    yes

    EU (London) eu-west-2

    yes

    yes

    yes

    EU (Paris) eu-west-3

    yes

    yes

    yes

    EU (Stockholm) eu-north-1

    yes

    yes

    yes

    Asia Pacific (Tokyo) ap-northeast-1

    yes

    yes

    yes

    Asia Pacific (Seoul) ap-northeast-2

    yes

    yes

    yes

    Asia Pacific (Singapore) ap-southeast-1

    yes

    yes

    yes

    Asia Pacific (Sydney) ap-southeast-2

    yes

    yes

    yes

    Asia Pacific (Mumbai) ap-south-1

    yes

    yes

    yes

    South America (São Paulo) sa-east-1

    yes

    yes

    no

    AWS GovCloud (US) us-gov-west-1

    yes

    yes

    yes

    Each endpoint in the selected AWS Region displays either a PASSED or FAILED message, as shown following.

    Message Description
    [ PASSED ] AWS Storage Gateway has internet connectivity.
    [ FAILED ] AWS Storage Gateway doesn't have internet connectivity.

For information about network and firewall requirements, see Network and Firewall Requirements.

Viewing Your Gateway System Resource Status

When your gateway starts, it checks its virtual CPU cores, root volume size, and RAM. It then determines whether these system resources are sufficient for your gateway to function properly. You can view the results of this check on the gateway's local console.

To view the status of a system resource check

  1. Log in to your gateway's local console:

  2. In the AWS Appliance Activation - Configuration main menu, enter 4 to view the results of a system resource check.

    The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.

    Message Description
    [OK] The resource has passed the system resource check.
    [WARNING] The resource doesn't meet the recommended requirements, but your gateway can continue to function. AWS Storage Gateway displays a message that describes the results of the resource check.
    [FAIL] The resource doesn't meet the minimum requirements. Your gateway might not function properly. AWS Storage Gateway displays a message that describes the results of the resource check.

    The console also displays the number of errors and warnings next to the resource check menu option.

Configuring a Network Time Protocol (NTP) Server for Your Gateway

You can view and edit Network Time Protocol (NTP) server configurations and synchronize the VM time on your gateway with your hypervisor host.

To manage system time

  1. Log in to your gateway's local console:

  2. In the AWS Appliance Activation - Configuration main menu, enter 5 to manage your system's time.

  3. In the System Time Management menu, choose one of the following options.

    To Do This
    View and synchronize your VM time with NTP server time.

    Enter 1.

    The current time of your VM is displayed. Your file gateway determines the time difference from your gateway VM, and your NTP server time prompts you to synchronize the VM time with NTP time.

    After your gateway is deployed and running, in some scenarios the gateway VM's time can drift. For example, suppose that there is a prolonged network outage and your hypervisor host and gateway don't get time updates. In this case, the gateway VM's time is different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur.

    For a gateway deployed on VMware ESXi, setting the hypervisor host time and synchronizing the VM time to the host is sufficient to avoid time drift. For more information, see Synchronizing VM Time with Host Time.

    For a gateway deployed on Microsoft Hyper-V, you should periodically check your VM's time. For more information, see Synchronizing Your Gateway VM Time.

    Edit your NTP server configuration

    Enter 2.

    You are prompted to provide a preferred and a secondary NTP server.

    View your NTP server configuration

    Enter 3.

    Your NTP server configuration is displayed.

Running Storage Gateway Commands on the Local Console

The VM local console in Storage Gateway helps provide a secure environment for configuring and diagnosing issues with your gateway. Using the local console commands, you can perform maintenance tasks such as saving routing tables, connecting to AWS Support, and so on.

To run a configuration or diagnostic command

  1. Log in to your gateway's local console:

  2. On the AWS Appliance Activation - Configuration main menu, enter 6 for Command Prompt.

  3. On the AWS Appliance Activation - Command Prompt console, enter h, and then press the Return key.

    The console displays the AVAILABLE COMMANDS menu with what the commands do, as shown in the following screenshot.

  4. At the command prompt, enter the command that you want to use and follow the instructions.

To learn about a command, enter the command name at the command prompt.

Configuring Network Adapters for Your Gateway

By default, AWS Storage Gateway is configured to use the E1000 network adapter type, but you can reconfigure your gateway to use the VMXNET3 (10 GbE) network adapter. You can also configure Storage Gateway so it can be accessed by more than one IP address. You do this by configuring your gateway to use more than one network adapter.

Configuring Your Gateway to Use the VMXNET3 Network Adapter

AWS Storage Gateway supports the E1000 network adapter type in both VMware ESXi and Microsoft Hyper-V Hypervisor hosts. However, the VMXNET3 (10 GbE) network adapter type is supported in VMware ESXi hypervisor only. If your gateway is hosted on a VMware ESXi hypervisor, you can reconfigure your gateway to use the VMXNET3 (10 GbE) adapter enter. For more information on this adapter, see the VMware website.

Important

To select VMXNET3, your guest operating system enter must be Other Linux64.

Following are the steps you take to configure your gateway to use the VMXNET3 adapter:

  1. Remove the default E1000 adapter.

  2. Add the VMXNET3 adapter.

  3. Restart your gateway.

  4. Configure the adapter for the network.

Details on how to perform each step follow.

To remove the default E1000 adapter and configure your gateway to use the VMXNET3 adapter

  1. In VMware, open the context (right-click) menu for your gateway and choose Edit Settings.

  2. In the Virtual Machine Properties window, choose the Hardware tab.

  3. For Hardware, choose Network adapter. Notice that the current adapter is E1000 in the Adapter Enter section. You replace this adapter with the VMXNET3 adapter.

  4. Choose the E1000 network adapter, and then choose Remove. In this example, the E1000 network adapter is Network adapter 1.

    Note

    Although you can run the E1000 and VMXNET3 network adapters in your gateway at the same time, we don't recommend doing so because it can cause network problems.

  5. Choose Add to open the Add Hardware wizard.

  6. Choose Ethernet Adapter, and then choose Next.

  7. In the Network Enter wizard, select VMXNET3 for Adapter Enter, and then choose Next.

  8. In the Virtual Machine properties wizard, verify in the Adapter Enter section that Current Adapter is set to VMXNET3, and then choose OK.

  9. In the VMware VSphere client, shut down your gateway.

  10. In the VMware VSphere client, restart your gateway.

After your gateway restarts, reconfigure the adapter you just added to make sure that network connectivity to the internet is established.

To configure the adapter for the network

  1. In the VSphere client, choose the Console tab to start the local console. Use the default login credentials to log in to the gateway's local console for this configuration task. For information about how to log in using the default credentials, see Logging In to the File Gateway Local Console.

  2. At the prompt, enter 2 to select Network Configuration, and then press Enter to open the network configuration menu.

  3. At the prompt, enter 4 to select Reset all to DHCP, and then enter y (for yes) at the prompt to set all adapters to use Dynamic Host Configuration Protocol (DHCP). All available adapters are set to use DHCP.

    If your gateway is already activated, you must shut it down and restart it from the AWS Storage Gateway Management Console. After the gateway restarts, you must test network connectivity to the internet. For information about how to test network connectivity, see Testing Your Gateway Connection to the Internet.

Configuring Your Gateway for Multiple NICs

If you configure your gateway to use multiple network adapters (NICs), it can be accessed by more than one IP address. You might want to do this in the following situations:

  • Maximizing throughput – You might want to maximize throughput to a gateway when network adapters are a bottleneck.

  • Application separation – You might need to separate how your applications write to a gateway's volumes. For example, you might choose to have a critical storage application exclusively use one particular adapter defined for your gateway.

  • Network constraints – Your application environment might require that you keep your iSCSI targets and the initiators that connect to them in an isolated network. This network is different from the network by which the gateway communicates with AWS.

In a typical multiple-adapter use case, one adapter is configured as the route by which the gateway communicates with AWS (that is, as the default gateway). Except for this one adapter, initiators must be in the same subnet as the adapter that contains the iSCSI targets to which they connect. Otherwise, communication with the intended targets might not be possible. If a target is configured on the same adapter that is used for communication with AWS, then iSCSI traffic for that target and AWS traffic flows through the same adapter.

In some cases, you might configure one adapter to connect to the Storage Gateway console and then add a second adapter. In such a case, Storage Gateway automatically configures the route table to use the second adapter as the preferred route. For instructions on how to configure multiple adapters, see the following sections: