Simplify integration of S3 storage with local resources

Access Portal

Fine Tuning in the AWS Management Console

In the Gateways side tab, you will find the configured gateways with their respective statuses (Figure 1). To the right of the Create gateway button for creating additional gateways are the buttons for creating file shares, volumes (iSCSI Targets), and tapes. The list under these buttons shows the configured gateways. The example gateway here has the status Running with a warning sign, because no volumes have been created yet. You can either do this with the buttons mentioned above or with the corresponding side tabs for File shares, Volumes, and Tapes. Of course, shares and tapes can only be used if a File Gateway or Tape Gateway is created. I have created a Volume Gateway in this example, so I will move on to create the targets.

Figure 1: A configured Volume Gateway in the AWS Management Console.

You can only create an iSCSI target if local storage is associated with the gateway, as indicated by the orange warning. The matching Edit local disks button appears directly next to the warning. For this purpose, I assigned two more VM disks (VMDKs) to the VM and then restarted it, which I could have done in the course of the deployment. It is now possible to assign local volumes. In cached mode, each local volume can be assigned to the Volume Gateway either as a cache volume or an upload buffer, but not as a stored volume, because the administrator must provide the appropriate gateway type from the outset. Once the volumes are assigned, the Volume Gateway no longer displays any warnings in the list.

Setting Targets

What is still missing on the AWS side of the connection are the iSCSI volumes mapped in S3. You can also create these in the Management Console by clicking Create volume. The associated dialog is clear-cut and leaves no questions unanswered. Creating the iSCSI target continues with the Challenge Handshake Authentication Protocol (CHAP) configuration, and the dialog points out that, without further configuration, the volume accepts connections from any iSCSI initiator.

Typical of iSCSI, CHAP configuration is optional. Once the volume has been created successfully, it appears in the volume list with the status Available. Under Actions, EBS snapshots can then be created or scheduled at any time, and existing volumes can be deleted. You then connect the target to the local server via the displayed Host IP. All functions for controlling the gateway itself can be found under the Actions menu of the gateway list in the Management Console, where you can then set bandwidth limits or maintenance windows and, of course, stop or delete gateways.

Security Through Encryption

All data transferred between a gateway appliance and AWS storage are encrypted by SSL. By default, all data stored by the AWS Storage Gateway in S3 are encrypted on the server side with Amazon S3-Managed Encryption Keys (SSE-S3). You can also optionally configure each file share in the File Gateway so that your objects are encrypted with AWS KMS-managed keys by SSE-KMS.
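Because both CHAP on the iSCSI targets and SSE-KMS on file shares are optional, it is worth checking which resources were left on the defaults. The following is an added example, not code from the original article: it audits dictionaries shaped like the boto3 `storagegateway` responses. The ARNs are constructed placeholders, and `collect()` assumes that all volumes are cached volumes, as in the article, and that all file shares of interest are NFS shares.

```python
# Added example: audit Storage Gateway iSCSI targets and file shares.
# Input dicts follow the boto3 storagegateway response shapes; the sample
# values below are constructed placeholders, not real resources.

def audit_volumes(volumes):
    """Flag cached iSCSI volumes whose target has no CHAP credentials."""
    return [
        (v["VolumeARN"], "CHAP disabled: target accepts any iSCSI initiator")
        for v in volumes
        if not v.get("VolumeiSCSIAttributes", {}).get("ChapEnabled", False)
    ]

def audit_file_shares(shares):
    """Flag file shares left on default SSE-S3 instead of SSE-KMS."""
    return [
        (s["FileShareARN"], "SSE-S3 default: no KMS key configured")
        for s in shares
        if not s.get("KMSEncrypted", False)
    ]

def collect():
    """Fetch live data for the current region (needs boto3 and credentials;
    pagination omitted; assumes cached volumes and NFS shares)."""
    import boto3
    sgw = boto3.client("storagegateway")
    vol_arns = [v["VolumeARN"] for v in sgw.list_volumes()["VolumeInfos"]]
    share_arns = [s["FileShareARN"]
                  for s in sgw.list_file_shares()["FileShareInfoList"]
                  if s.get("FileShareType") == "NFS"]
    volumes = (sgw.describe_cached_iscsi_volumes(VolumeARNs=vol_arns)
               ["CachediSCSIVolumes"] if vol_arns else [])
    shares = (sgw.describe_nfs_file_shares(FileShareARNList=share_arns)
              ["NFSFileShareInfoList"] if share_arns else [])
    return volumes, shares

# Constructed sample responses (placeholder ARNs).
SAMPLE_VOLUMES = [
    {"VolumeARN": "arn:aws:storagegateway:region:acct:gateway/sgw-EXAMPLE/volume/vol-A",
     "VolumeiSCSIAttributes": {"ChapEnabled": True}},
    {"VolumeARN": "arn:aws:storagegateway:region:acct:gateway/sgw-EXAMPLE/volume/vol-B",
     "VolumeiSCSIAttributes": {"ChapEnabled": False}},
]
SAMPLE_SHARES = [
    {"FileShareARN": "arn:aws:storagegateway:region:acct:share/share-A", "KMSEncrypted": True},
    {"FileShareARN": "arn:aws:storagegateway:region:acct:share/share-B", "KMSEncrypted": False},
]

if __name__ == "__main__":
    for arn, issue in audit_volumes(SAMPLE_VOLUMES) + audit_file_shares(SAMPLE_SHARES):
        print(f"{arn}: {issue}")
```

To run it against a real account, pass the two lists returned by `collect()` to the audit functions instead of the sample data.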

By the way, creating and connecting the File Gateway and the Tape Gateway is no less intuitive than the process shown for the Volume Gateway. Also, I have only focused on the purely storage-related aspects so far. Of course, the Storage Gateway is integrated with encryption/KMS, identity and access management (IAM), and CloudWatch (monitoring), as is usual with AWS, and thus benefits from the security, manageability, durability, and scalability of AWS in general.
