AWS Storage Gateway

Last updated on February 24, 2024

AWS Storage Gateway Cheat Sheet

  • The service enables hybrid storage between on-premises environments and the AWS Cloud.
  • It integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry standard storage protocols.
  • The service stores files as native S3 objects, archives virtual tapes in Amazon Glacier, and stores EBS Snapshots generated by the Volume Gateway with Amazon EBS.

Storage Solutions

File Gateway vs Volume Gateway vs Tape Gateway

    • File Gateway – supports a file interface into S3 and combines a service and a virtual software appliance.
      • The software appliance, or gateway, is deployed into your on-premises environment as a virtual machine running on VMware ESXi or Microsoft Hyper-V hypervisor.
      • File gateway supports
        • S3 Standard
        • S3 Standard – Infrequent Access
        • S3 One Zone – IA
      • With a file gateway, you can do the following:
        • You can store and retrieve files directly using the NFS version 3 or 4.1 protocol.
        • You can store and retrieve files directly using the SMB version 2 and 3 protocols.
        • You can access your data directly in S3 from any AWS Cloud application or service.
        • You can manage your S3 data using lifecycle policies, cross-region replication, and versioning.
      • File Gateway now supports Amazon S3 Object Lock, enabling write-once-read-many (WORM) file-based systems to store and access objects in Amazon S3.
      • Any modifications such as file edits, deletes or renames from the gateway’s NFS or SMB clients are stored as new versions of the object, without overwriting or deleting previous versions.
      • File Gateway local cache can support up to 64TB of data.
    • Volume Gateway – provides cloud-backed storage volumes that you can mount as iSCSI devices from your on-premises application servers.
      • Cached volumes – you store your data in S3 and retain a copy of frequently accessed data subsets locally. Cached volumes can range from 1 GiB to 32 TiB in size and must be rounded to the nearest GiB. Each gateway configured for cached volumes can support up to 32 volumes.
      • Stored volumes – if you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to S3. Stored volumes can range from 1 GiB to 16 TiB in size and must be rounded to the nearest GiB. Each gateway configured for stored volumes can support up to 32 volumes.

      • AWS Storage Gateway customers using the Volume Gateway configuration for block storage can detach and attach volumes, from and to a Volume Gateway. You can use this feature to migrate volumes between gateways to refresh underlying server hardware, switch between virtual machine types, and move volumes to better host platforms or newer Amazon EC2 instances.
    • Tape Gateway – archive backup data in Amazon Glacier.
      • Has a virtual tape library (VTL) interface to store data on virtual tape cartridges that you create.
      • Deploy your gateway on an EC2 instance to provision iSCSI storage volumes in AWS.
      • The AWS Storage Gateway service integrates Tape Gateway with Amazon S3 Glacier Deep Archive storage class, allowing you to store virtual tapes in the lowest-cost Amazon S3 storage class.
      • Tape Gateway also has the capability to move your virtual tapes archived in Amazon S3 Glacier to Amazon S3 Glacier Deep Archive storage class, enabling you to further reduce the monthly cost to store long-term data in the cloud by up to 75%.
      • Supports Write-Once-Read-Many and Tape Retention Lock on virtual tapes.

  • Storage Gateway Hosting Options

    • As a VM containing the Storage Gateway software, run on VMware ESXi or Microsoft Hyper-V on premises
    • As a VM in VMware Cloud on AWS
    • As a hardware appliance on premises
    • As an AMI in an EC2 instance
  • Storage Gateway stores volume, snapshot, tape, and file data in the AWS Region in which your gateway is activated. File data is stored in the AWS Region where your S3 bucket is located.
  • The local gateway appliance maintains a cache of recently written or read data so your applications can have low-latency access to data that is stored durably in AWS. The gateways use a read-through and write-back cache.
  • File Gateway File Share

    • You can create an NFS or SMB file share using the AWS Management Console or service API.
    • After your file gateway is activated and running, you can add additional file shares and grant access to S3 buckets.
    • You can use a file share to access objects in an S3 bucket that belongs to a different AWS account.
    • The AWS Storage Gateway service added support for Access Control Lists (ACLs) to Server Message Block (SMB) shares on the File Gateway, helping enforce data security standards when using the gateway for storing and accessing data in Amazon Simple Storage Service (S3).

AWS Storage Gateway Security

    • You can use AWS KMS to encrypt data written to a virtual tape.
    • Storage Gateway uses Challenge-Handshake Authentication Protocol (CHAP) to authenticate iSCSI and initiator connections. CHAP provides protection against playback attacks by requiring authentication to access storage volume targets.
    • Authentication and access control with IAM.
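
How a challenge-response exchange resists playback, as an added example (not from the original page and not AWS code): a simplified model of the RFC 1994 CHAP computation with MD5. The `Target` class, the `demo` function and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Target:
    """Minimal model of the authenticating side (the storage volume target)."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._next_id = 0
        self._pending = None  # (identifier, challenge) currently awaiting a response

    def issue_challenge(self):
        # Every login attempt gets a new identifier and a fresh random challenge.
        self._next_id = (self._next_id + 1) % 256
        self._pending = (self._next_id, os.urandom(16))
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        identifier, challenge = self._pending
        self._pending = None  # a challenge is accepted at most once
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)


def demo():
    secret = b"constructed-key1"  # constructed sample secret; it never crosses the wire
    target = Target(secret)

    # Legitimate login: the initiator answers the challenge it was just given.
    ident, challenge = target.issue_challenge()
    captured = chap_response(ident, secret, challenge)  # bytes visible on the network
    first_login = target.verify(captured)

    # Playback: the captured bytes are sent again, but the challenge has changed.
    target.issue_challenge()
    replayed_login = target.verify(captured)

    # An initiator that holds the secret still succeeds against the new challenge.
    ident2, challenge2 = target.issue_challenge()
    second_login = target.verify(chap_response(ident2, secret, challenge2))
    return first_login, replayed_login, second_login
```

The protection depends on the challenge being unpredictable and single-use, and on the shared secret being strong, since a captured challenge and response pair can still be tested offline against guessed secrets.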

AWS Storage Gateway Compliance

    • Storage Gateway is HIPAA eligible.
    • Storage Gateway is in compliance with the Payment Card Industry Data Security Standard (PCI DSS).

AWS Storage Gateway Pricing

    • You are charged based on the type and amount of storage you use, the requests you make, and the amount of data transferred out of AWS.
    • You are charged only for the amount of data you write to the Tape Gateway tape, not the tape capacity.

Validate Your Knowledge

Question 1

A data analytics company keeps a massive volume of data that they store in their on-premises data center. To scale their storage systems, they are looking for cloud-backed storage volumes that they can mount using Internet Small Computer System Interface (iSCSI) devices from their on-premises application servers. They have an on-site data analytics application that frequently accesses the latest data subsets locally while the older data are rarely accessed. You are required to minimize the need to scale the on-premises storage infrastructure while still providing their web application with low-latency access to the data.

Which type of AWS Storage Gateway service will you use to meet the above requirements?

  1. Volume Gateway in stored mode
  2. Tape Gateway
  3. Volume Gateway in cached mode
  4. File Gateway

Correct Answer: 3

The Volume Gateway is a cloud-based iSCSI block storage volume for your on-premises applications. The Volume Gateway provides either a local cache or full volumes on-premises while also storing full copies of your volumes in the AWS cloud.

There are two options for Volume Gateway:

Cached Volumes – you store volume data in AWS, with a small portion of recently accessed data in the cache on-premises.

Stored Volumes – you store the entire set of volume data on-premises and store periodic point-in-time backups (snapshots) in AWS.

In this scenario, the company is looking for a storage service that will enable their analytics application to frequently access the latest data subsets and not the entire data set (as it was mentioned that the old data are rarely being used). This requirement can be fulfilled by setting up a Cached Volume Gateway in AWS Storage Gateway.

By using cached volumes, you can use Amazon S3 as your primary data storage while retaining frequently accessed data locally in your storage gateway. Cached volumes minimize the need to scale your on-premises storage infrastructure while still providing your applications with low-latency access to frequently accessed data. You can create storage volumes up to 32 TiB in size and afterward, attach these volumes as iSCSI devices to your on-premises application servers. When you write to these volumes, your gateway stores the data in Amazon S3. It retains the recently read data in your on-premises storage gateway’s cache and upload buffer storage.

Cached volumes can range from 1 GiB to 32 TiB in size and must be rounded to the nearest GiB. Each gateway configured for cached volumes can support up to 32 volumes for a total maximum storage volume of 1,024 TiB (1 PiB).

In the cached volumes solution, AWS Storage Gateway stores all your on-premises application data in a storage volume in Amazon S3. Hence, the correct answer is: Volume Gateway in cached mode.

Volume Gateway in stored mode is incorrect because the requirement is to provide low latency access to the frequently accessed data subsets locally. Stored Volumes are used if you need low-latency access to your entire dataset.

Tape Gateway is incorrect because this is just a cost-effective, durable, long-term offsite alternative for data archiving, which is not needed in this scenario.

File Gateway is incorrect because the scenario requires you to mount volumes as iSCSI devices. File Gateway is used to store and retrieve Amazon S3 objects through NFS and SMB protocols.

References:
https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html#volume-gateway-concepts
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html

Note: This question was extracted from our AWS Certified Solutions Architect Associate Practice Exams.

Question 2

A financial services company, which has a hybrid cloud architecture, has hired you to manage their on-premises and cloud infrastructure. As part of their disaster recovery plan, you should set up a durable backup and archiving system for their corporate documents stored both on-premises and in their cloud storage. These documents should be immediately accessible within minutes for 6 months and be available for another 10 years to meet data compliance requirements.

Which of the following is the best and most cost-effective approach to implement for this scenario?

  1. Set up a new file gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the file gateway and use lifecycle policies to move the data into Glacier for archiving.
  2. Set up a new tape gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the tape gateway and use lifecycle policies to move the data into Glacier for archiving.
  3. Connect your on-premises network to your VPC by establishing a Direct Connect connection. Upload the data on EBS Volumes and use lifecycle policies to automatically move the EBS snapshots to an S3 bucket, and then later to Glacier for archiving.
  4. Migrate all of the files from the on-premises network using Snowball Edge. Upload the files to an S3 bucket and use lifecycle policies to move the data into Glacier for archiving.

Correct Answer: 1

AWS Storage Gateway supports the Amazon S3 Standard, Amazon S3 Standard-Infrequent Access, Amazon S3 One Zone-Infrequent Access, and Amazon Glacier storage classes. When you create or update a file share, you have the option to select a storage class for your objects. You can either choose the Amazon S3 Standard or any of the infrequent access storage classes such as S3 Standard IA or S3 One Zone IA. Objects stored in any of these storage classes can be transitioned to Amazon Glacier using a Lifecycle Policy.

Although you can write objects directly from a file share to the S3-Standard-IA or S3-One Zone-IA storage class, it is recommended you use a Lifecycle Policy to transition your objects rather than write directly from the file share, especially if you’re expecting to update or delete the object within 30 days of archiving it.

Therefore, the correct answer is the option that says: Set up a new file gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the file gateway and use lifecycle policies to move the data into Glacier for archiving.

The option that says: Set up a new tape gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the tape gateway and use lifecycle policies to move the data into Glacier for archiving is incorrect. Although tape gateways provide cost-effective and durable archive backup data in Amazon Glacier, they do not meet the criteria of being able to be retrieved immediately within minutes. It is better to set up a file gateway instead.

The option that says: Connect your on-premises network to your VPC by establishing a Direct Connect connection. Upload the data on EBS Volumes and use lifecycle policies to automatically move the EBS snapshots to an S3 bucket, and then later to Glacier for archiving is incorrect because EBS Volumes are not as durable compared with S3, and it would be more cost-efficient if you directly store the documents to an S3 bucket.

The option that says: Migrate all of the files from the on-premises network using Snowball Edge. Upload the files to an S3 bucket and use lifecycle policies to move the data into Glacier for archiving is incorrect because Snowball Edge is mainly used to migrate the entire data of an on-premises data center to AWS. It is a secure appliance to transfer large amounts of data into and out of AWS. This is not a suitable approach as the company still has a hybrid cloud architecture which means that they will still use their on-premises data center along with their AWS cloud infrastructure.

Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

Note: This question was extracted from our AWS Certified SysOps Administrator Associate Practice Exams.

AWS Storage Gateway Resources: 

https://docs.aws.amazon.com/storagegateway/latest/userguide/
https://aws.amazon.com/storagegateway/features/
https://aws.amazon.com/storagegateway/pricing/
https://aws.amazon.com/storagegateway/faqs/

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and has also been an active AWS Community Builder since 2020.
