Transcription
AWS Storage GatewayAmazon FSx File Gateway User GuideAPI Version 2021-03-31
AWS Storage Gateway AmazonFSx File Gateway User GuideAWS Storage Gateway: Amazon FSx File Gateway User GuideCopyright Amazon Web Services, Inc. and/or its affiliates. All rights reserved.Amazon's trademarks and trade dress may not be used in connection with any product or service that is notAmazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages ordiscredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who mayor may not be affiliated with, connected to, or sponsored by Amazon.
AWS Storage Gateway AmazonFSx File Gateway User GuideTable of Contents. viiWhat is Amazon FSx File Gateway? . 1How FSx File works . 1Getting Started . 4Sign up for Amazon Web Services . 4Create an IAM user . 4Requirements . 5Required prerequisites . 5Hardware and storage requirements . 6Network and firewall requirements . 7Supported hypervisors and host requirements . 14Supported SMB clients for a File Gateway . 14Supported file system operations . 15Accessing AWS Storage Gateway . 15Supported AWS Regions . 15Using the hardware appliance . 16Ordering Information . 16Supported AWS Regions . 16Setting up your hardware appliance . 16Rack-mounting and connecting the hardware appliance to power . 17Hardware appliance dimensions . 18Configuring network parameters . 20Activating your hardware appliance . 22Launching a gateway . 24Configuring an IP address for the gateway . 24Configuring your gateway . 25Removing a gateway . 25Deleting your hardware appliance . 26Creating Your Gateway . 27Overview - Gateway Activation . 27Set up gateway . 27Connect to AWS . 27Review and activate . 27Overview - Gateway Configuration . 27Overview - Storage Resources . 28Step 1: Create an Amazon FSx file system . 28Step 2: (Optional) Create a VPC endpoint . 28Step 3: Create and activate an FSx File Gateway gateway . 30Set up an Amazon FSx File Gateway . 30Connect your Amazon FSx File Gateway to AWS . 31Review settings and activate your Amazon FSx File Gateway . 31Configure your Amazon FSx File Gateway . 32Activating a gateway in a VPC . 33Creating a VPC endpoint for Storage Gateway . 33Configure Active Directory domain settings . 35Attach an Amazon FSx file system . 36Mount and use your file share . 38Mount your SMB file share on your client . 38Test your FSx File . 39Managing your Amazon FSx File Gateway resources . 41Attaching an Amazon FSx file system . 41Configuring Active Directory for FSx File . 41Configuring Active Directory settings . 41Editing FSx File settings . 42API Version 2021-03-31iii
AWS Storage Gateway AmazonFSx File Gateway User GuideEditing Amazon FSx for Windows File Server file system settings . 42Detaching an Amazon FSx file system . 43Monitoring your File Gateway . 44Getting File Gateway health logs . 44Configuring a CloudWatch log group for your gateway . 44Using Amazon CloudWatch metrics . 45Understanding gateway metrics . 46Understanding file system metrics . 49Understanding File Gateway audit logs . 51Maintaining your gateway . 54Shutting down your gateway VM . 54Managing local disks . 54Deciding the amount of local disk storage . 54Sizing cache storage . 55Configuring cache storage . 55Using ephemeral storage with EC2 gateways . 55Managing Gateway Updates . 56Performing Maintenance Tasks on the Local Console . 56Performing tasks on the VM local console (File Gateway) . 57Performing tasks on the EC2 local console (File Gateway) . 67Accessing the Gateway Local Console . 72Configuring Network Adapters for Your Gateway . 76Deleting Your Gateway and Removing Resources . 82Deleting Your Gateway by Using the Storage Gateway Console . 82Removing Resources from a Gateway Deployed On-Premises . 83Removing Resources from a Gateway Deployed on an Amazon EC2 Instance . 83Performance . 85Performance guidance for FSx File Gateway . 85FSx File Gateway performance on Windows clients . 85Optimizing Gateway Performance . 86Add Resources to Your Gateway . 86Add Resources to Your Application Environment . 87Using VMware High Availability with Storage Gateway . 87Configure Your vSphere VMware HA Cluster . 88Download the .ova Image for Your Gateway Type . 89Deploy the Gateway . 89(Optional) Add Override Options for Other VMs on Your Cluster . 89Activate Your Gateway . 90Test Your VMware High Availability Configuration . 90Security . 91Data protection . 91Data encryption . 92Authentication and access control . 93Authentication . 93Access control . 94Overview of managing access . 95Using identity-based policies (IAM policies) . 98Using tags to control access to resources . 104Storage Gateway API permissions reference . 106Using service-linked roles . 112Logging and monitoring . 114Storage Gateway information in CloudTrail . 114Understanding Storage Gateway log file entries . 115Compliance validation . 116Resilience . 117Infrastructure security . 117AWS Security Best Practices . 117API Version 2021-03-31iv
AWS Storage Gateway AmazonFSx File Gateway User GuideTroubleshooting and best practices .Troubleshooting: on-premises gateway issues .Enabling AWS Support to help troubleshoot your gateway .Troubleshooting: Microsoft Hyper-V setup issues .Troubleshooting: Amazon EC2 gateway issues .Gateway activation hasn't occurred after a few moments .Can't find the EC2 gateway instance in the instance list .Enabling AWS Support to help troubleshoot the gateway .Troubleshooting: hardware appliance issues .How to determine service IP address .How to perform a factory reset .How to obtain Dell iDRAC support .How to find the hardware appliance serial number .How to get hardware appliance support .Troubleshooting: File Gateway issues .Error: ObjectMissing .Error: FileMissing .Error: InvalidFileState .Error: FsxFileSystemAuthenticationFailure .Error: FsxFileSystemConnectionFailure .Error: FsxFileSystemFull .Notification: Reboot .Notification: HardReboot .Notification: HealthCheckFailure .Notification: AvailabilityMonitorTest .Troubleshooting with CloudWatch metrics .High Availability Health Notifications .Troubleshooting: high availability issues .Health notifications .Metrics .Best practices: recovering data .Recovering from an unexpected VM shutdown .Recovering data from a malfunctioning cache disk .Recovering data from an inaccessible data center .Best practices: restoring backups/snapshots on your Amazon FSx file system .Additional Resources .Host setup .Configuring VMware for Storage Gateway .Synchronizing Your Gateway VM Time .Deploy an Amazon EC2 host for File Gateway .Getting Activation Key .AWS CLI .Linux (bash/zsh) .Microsoft Windows PowerShell .Using AWS Direct Connect with Storage Gateway .Connecting to Your Gateway .Getting an IP Address from an Amazon EC2 Host .Understanding Resources and Resource IDs .Working with Resource IDs .Tagging Your Resources .Working with tags .See also .Open-source components .Open-source components for Storage Gateway .Open-source components for Amazon FSx File Gateway .Quotas .Quotas for file systems .API Version 47148148149149150150150151151151
AWS Storage Gateway AmazonFSx File Gateway User GuideRecommended local disk sizes for your gateway .API Reference .Required Request Headers .Signing Requests .Example Signature Calculation .Error Responses .Exceptions .Operation Error Codes .Error Responses .Operations .Document history .API Version 2021-03-31vi152153153155155156157158170172173
AWS Storage Gateway AmazonFSx File Gateway User GuideAmazon S3 File Gateway documentation has been moved to What is Amazon S3 File Gateway?Volume Gateway documentation has been moved to What is Volume Gateway?Tape Gateway documentation has been moved to What is Tape Gateway?API Version 2021-03-31vii
AWS Storage Gateway AmazonFSx File Gateway User GuideHow FSx File worksWhat is Amazon FSx File Gateway?Storage Gateway offers File Gateway, Volume Gateway, and Tape Gateway storage solutions.Amazon FSx File Gateway (FSx File) is a new File Gateway type that provides low latency and efficientaccess to in-cloud FSx for Windows File Server file shares from your on-premises facility. If you maintainon-premises file storage because of latency or bandwidth requirements, you can instead use FSx File forseamless access to fully managed, highly reliable, and virtually unlimited Windows file shares provided inthe AWS Cloud by FSx for Windows File Server.Benefits of using Amazon FSx File GatewayFSx File provides the following benefits: Helps eliminate on-premises file servers and consolidates all their data in AWS to take advantage ofthe scale and economics of cloud storage. Provides options that you can use for all your file workloads, including those that require on-premisesaccess to cloud data. Applications that need to stay on premises can now experience the same low latency and highperformance that they have in AWS, without taxing your networks or impacting the latenciesexperienced by your most demanding applications.How Amazon FSx File Gateway worksTo use Amazon FSx File Gateway (FSx File), you must have at least one Amazon FSx for Windows FileServer file system. You must also have on-premises access to FSx for Windows File Server, either througha VPN or through an AWS Direct Connect connection. For more information about using Amazon FSx filesystems, see What is Amazon FSx for Windows File Server?You download and deploy the FSx File VMware virtual appliance or an AWS Storage Gateway HardwareAppliance into your on-premises environment. After deploying your appliance, you activate the FSx Filefrom the Storage Gateway console or through the Storage Gateway API. You can also create an FSx Fileusing an Amazon Elastic Compute Cloud (Amazon EC2) image.After the Amazon FSx File Gateway is activated and can access FSx for Windows File Server, use theStorage Gateway console to join it to your Microsoft Active Directory domain. After the gatewaysuccessfully joins a domain, you use the Storage Gateway console to attach the gateway to an existingFSx for Windows File Server. FSx for Windows File Server makes all the shares on the server availableas shares on your Amazon FSx File Gateway. You can then use a client to browse and connect to the fileshares on FSx File that correspond to the selected FSx File.When the file shares are connected, you can read and write your files locally, while benefiting from allthe features available on FSx for Windows File Server. FSx File maps local file shares and their contentsto file shares stored remotely in FSx for Windows File Server. There is a 1:1 correspondence between theremote and locally visible files and their shares.The following diagram provides an overview of file storage deployment for Storage Gateway.API Version 2021-03-311
AWS Storage Gateway AmazonFSx File Gateway User GuideHow FSx File worksAPI Version 2021-03-312
AWS Storage Gateway AmazonFSx File Gateway User GuideHow FSx File worksNote the following in the diagram: AWS Direct Connect or a VPN is needed to allow the FSx File to access the Amazon FSx file shareusing SMB and to allow the FSx for Windows File Server to join your on-premises Active Directorydomain. Amazon Virtual Private Cloud (Amazon VPC) is needed to connect to the FSx for Windows FileServer service VPC and the Storage Gateway service VPC using private endpoints. The FSx File can alsoconnect to the public endpoints.You can use Amazon FSx File Gateway in all AWS Regions where FSx for Windows File Server is available.API Version 2021-03-313
AWS Storage Gateway AmazonFSx File Gateway User GuideSign up for Amazon Web ServicesGetting StartedThis section provides instructions for getting started with Amazon FSx File Gateway. To get started,you first sign up for AWS. If you are a first-time user, we recommend that you read the Regions andRequirements sections.Topics Sign up for Amazon Web Services (p. 4) Create an IAM user (p. 4) File Gateway setup requirements (p. 5) Accessing AWS Storage Gateway (p. 15) Supported AWS Regions (p. 15)Sign up for Amazon Web ServicesIf you do not have an AWS account, complete the following steps to create one.To sign up for an AWS account1.Open low the online instructions.Part of the sign-up procedure involves receiving a phone call and entering a verification code on thephone keypad.Create an IAM userAfter you create your AWS account, use the following steps to create an AWS Identity and AccessManagement (IAM) user for yourself. Then you add that user to a group that has administrativepermissions.To create an administrator user for yourself and add the user to an administrators group(console)1.Sign in to the IAM console as the account owner by choosing Root user and entering your AWSaccount email address. On the next page, enter your password.Note2.3.4.5.6.We strongly recommend that you adhere to the best practice of using the AdministratorIAM user that follows and securely lock away the root user credentials. Sign in as the rootuser only to perform a few account and service management tasks.In the navigation pane, choose Users and then choose Add users.For User name, enter Administrator.Select the check box next to AWS Management Console access. Then select Custom password, andthen enter your new password in the text box.(Optional) By default, AWS requires the new user to create a new password when first signing in. Youcan clear the check box next to User must create a new password at next sign-in to allow the newuser to reset their password after they sign in.Choose Next: Permissions.API Version 2021-03-314
AWS Storage Gateway AmazonFSx File Gateway User GuideRequirements7.Under Set permissions, choose Add user to group.8.Choose Create group.9.In the Create group dialog box, for Group name enter Administrators.10. Choose Filter policies, and then select AWS
Storage Gateway offers file gateway, volume gateway, and tape gateway storage solutions. Amazon FSx File Gateway (FSx File) is a new file gateway type that provides low latency and efficient access to in-cloud FSx for Windows File Server file shares from your on-premises facility.
