AWS Storage Gateway

  • The service enables hybrid storage between on-premises environments and the AWS Cloud.
  • It integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry standard storage protocols.
  • The service stores files as native S3 objects, archives virtual tapes in Amazon Glacier, and stores EBS Snapshots generated by the Volume Gateway with Amazon EBS.
  • Storage Solutions

    • File Gateway – supports a file interface into S3 and combines a service and a virtual software appliance.
      • The software appliance, or gateway, is deployed into your on-premises environment as a virtual machine running on VMware ESXi or Microsoft Hyper-V hypervisor.
      • File gateway supports
        • S3 Standard
        • S3 Standard – Infrequent Access
        • S3 One Zone – IA
      • With a file gateway, you can do the following:
        • You can store and retrieve files directly using the NFS version 3 or 4.1 protocol.
        • You can store and retrieve files directly using the SMB file system version, 2 and 3 protocol.
        • You can access your data directly in S3 from any AWS Cloud application or service.
        • You can manage your S3 data using lifecycle policies, cross-region replication, and versioning.
      • File Gateway now supports Amazon S3 Object Lock, enabling write-once-read-many (WORM) file-based systems to store and access objects in Amazon S3.
      • Any modifications such as file edits, deletes or renames from the gateway’s NFS or SMB clients are stored as new versions of the object, without overwriting or deleting previous versions.

AWS Storage Gateway Training

    • Volume Gateway – provides cloud-backed storage volumes that you can mount as iSCSI devices from your on-premises application servers.
      • Cached volumes – you store your data in S3 and retain a copy of frequently accessed data subsets locally. Cached volumes can range from 1 GiB to 32 TiB in size and must be rounded to the nearest GiB. Each gateway configured for cached volumes can support up to 32 volumes.

AWS Storage Gateway Training

      • Stored volumes – if you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to S3. Stored volumes can range from 1 GiB to 16 TiB in size and must be rounded to the nearest GiB. Each gateway configured for stored volumes can support up to 32 volumes.

AWS Storage Gateway Training

IT Certification Category (English)728x90
    • Tape Gateway – archive backup data in Amazon Glacier.
      • Has a virtual tape library (VTL) interface to store data on virtual tape cartridges that you create.
      • Deploy your gateway on an EC2 instance to provision iSCSI storage volumes in AWS.
    • AWS Storage Gateway customers using the Volume Gateway configuration for block storage can now detach and attach volumes, from and to a Volume Gateway. You can use this feature to migrate volumes between gateways to refresh underlying server hardware, switch between virtual machine types, and move volumes to better host platforms or newer Amazon EC2 instances.
  • Storage Gateway Hosting Options

    • As a VM containing the Storage Gateway software, run on VMware ESXi, Microsoft Hyper-V on premises
    • As a VM in VMware Cloud on AWS
    • As a hardware appliance on premises
    • As an AMI in an EC2 instance
  • Storage Gateway stores volume, snapshot, tape, and file data in the AWS Region in which your gateway is activated. File data is stored in the AWS Region where your S3 bucket is located.
  • The local gateway appliance maintains a cache of recently written or read data so your applications can have low-latency access to data that is stored durably in AWS. The gateways use a read-through and write-back cache.
  • File Gateway File Share

    • You can create an NFS or SMB file share using the AWS Management Console or service API.
    • After your file gateway is activated and running, you can add additional file shares and grant access to S3 buckets.
    • You can use a file share to access objects in an S3 bucket that belongs to a different AWS account.
  • Security

    • You can use AWS KMS to encrypt data written to a virtual tape.
    • Storage Gateway uses Challenge-Handshake Authentication Protocol (CHAP) to authenticate iSCSI and initiator connections. CHAP provides protection against playback attacks by requiring authentication to access storage volume targets.
    • Authentication and access control with IAM.
  • Compliance

    • Storage Gateway is HIPAA eligible.
    • Storage Gateway in compliance with the Payment Card Industry Data Security Standard (PCI DSS)
  • Pricing

    • You are charged based on the type and amount of storage you use, the requests you make, and the amount of data transferred out of AWS.
    • You are charged only for the amount of data you write to the Tape Gateway tape, not the tape capacity.
  • Limits

    • For File Shares

Description

File Gateway

Maximum number of file shares per Amazon S3 bucket. There is a one-to-one mapping between a file share and an S3 bucket

1

Maximum number of file shares per gateway

10

The maximum size of an individual file, which is the maximum size of an individual object in S3

5 TB

    • For Volumes

Description

Cached Volumes

Stored Volumes

Maximum size of a volume

32 TiB

16 TiB

Maximum number of volumes per gateway

32

32

Total size of all volumes for a gateway

1,024 TiB

512 TiB

    • For Tapes

Description

Tape Gateway

Minimum size of a virtual tape

100 GiB

Maximum size of a virtual tape

2.5 TiB

Maximum number of virtual tapes for a VTL

1,500

Total size of all tapes in a VTL

1 PiB

Maximum number of virtual tapes in archive

No limit

Total size of all tapes in a archive

No limit

 

Deep Dive: Hybrid Cloud Storage Architecture w/Storage Gateway:

 

Validate Your Knowledge

Question 1

A data analytics company keeps a massive volume of data which they store in their on-premises data center. To scale their storage systems, they are looking for cloud-backed storage volumes that they can mount using Internet Small Computer System Interface (iSCSI) devices from their on-premises application servers. They have an on-site data analytics application which frequently access the latest data subsets locally while the older data are rarely accessed. You are required to minimize the need to scale the on-premises storage infrastructure while still providing their web application with low-latency access to the data.

Which type of AWS Storage Gateway service will you use to meet the above requirements?

  1. Stored Volume Gateway
  2. Tape Gateway
  3. Cached Volume Gateway
  4. File Gateway

Correct Answer: 3

In this scenario, the technology company is looking for a storage service that will enable their analytics application to frequently access the latest data subsets and not the entire data set because it was mentioned that the old data are rarely being used. This requirement can be fulfilled by setting up a Cached Volume Gateway in AWS Storage Gateway.

By using cached volumes, you can use Amazon S3 as your primary data storage, while retaining frequently accessed data locally in your storage gateway. Cached volumes minimize the need to scale your on-premises storage infrastructure, while still providing your applications with low-latency access to frequently accessed data. You can create storage volumes up to 32 TiB in size and afterwards, attach these volumes as iSCSI devices to your on-premises application servers. When you write to these volumes, your gateway stores the data in Amazon S3. It retains the recently read data in your on-premises storage gateway’s cache and uploads buffer storage.

Cached volumes can range from 1 GiB to 32 TiB in size and must be rounded to the nearest GiB. Each gateway configured for cached volumes can support up to 32 volumes for a total maximum storage volume of 1,024 TiB (1 PiB).

In the cached volumes solution, AWS Storage Gateway stores all your on-premises application data in a storage volume in Amazon S3. Hence, the correct answer is Option 3.

Option 1 is incorrect because the requirement is to provide low latency access to the frequently accessed data subsets locally. Stored Volume Gateway is used if you need low-latency access to your entire dataset.

Option 2 is incorrect because a Tape Gateway is a cost-effective, durable, long-term offsite alternative for data archiving, which is not needed in this scenario.

Option 4 is incorrect because a File gateway does not provide you the required low-latency access to the frequently accessed data that the on-site analytics application needs.

References:
https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html#volume-gateway-concepts
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html

Question 2

A financial services company, which has a hybrid cloud architecture, has hired you to manage their on-premises and cloud infrastructure. As part of their disaster and recovery plan, you should set up a durable backup and archiving system for their corporate documents stored on both on-premises and on their cloud storage. These documents should be immediately accessible within minutes for 6 months and be available for another 10 years to meet the data compliance.

Which of the following is the best and most cost-effective approach to implement for this scenario?

  1. Set up a new file gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the file gateway and use lifecycle policies to move the data into Glacier for archiving.
  2. Set up a new tape gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the tape gateway and use lifecycle policies to move the data into Glacier for archiving.
  3. Connect your on-premises network to your VPC by establishing a DIrect Connect connection. Upload the data on EBS Volumes and use lifecycle policies to automatically move the EBS snapshots to an S3 bucket, and then later to Glacier for archiving.
  4. Migrate all of the files from the on-premises network using Snowmobile. Upload the files to an S3 bucket and use lifecycle policies to move the data into Glacier for archiving.

Correct Answer: 1

AWS Storage Gateway supports the Amazon S3 Standard, Amazon S3 Standard-Infrequent Access, Amazon S3 One Zone-Infrequent Access and Amazon Glacier storage classes. When you create or update a file share, you have the option to select a storage class for your objects. You can either choose the Amazon S3 Standard or any of the infrequent access storage classes such as S3 Standard IA or S3 One Zone IA. Objects stored in any of these storage classes can be transitioned to Amazon Glacier using a Lifecycle Policy.

Although you can write object directly from a file share to the S3-Standard-IA or S3-One Zone-IA storage class, it is recommended you use a Lifecycle Policy to transition your objects rather than write directly from the file share, especially if you’re expecting to update or delete the object within 30 days of archiving it. Therefore, the correct answer is the option that says, “set up a new file gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the file gateway and use lifecycle policies to move the data into Glacier for archiving.

The option that says, “Set up a new tape gateway that connects to your on-premises data center using AWS Storage Gateway. Upload the files to the tape gateway and use lifecycle policies to move the data into Glacier for archiving” is incorrect because although tape gateways provide cost-effective and durable archive backup data in Amazon Glacier, it does not meet the criteria of being able to be retrieved immediately within minutes. It is better to set up a file gateway instead.

The option that says, Connect your on-premises network to your VPC by establishing a DIrect Connect connection. Upload the data on EBS Volumes and use lifecycle policies to automatically move the EBS snapshots to an S3 bucket, and then later to Glacier for archiving” is incorrect because EBS Volumes are not as durable compared with S3 and it would be more cost-efficient if you directly store the documents to an S3 bucket.

The option that says, “Migrate all of the files from the on-premises network using Snowmobile. Upload the files to an S3 bucket and use lifecycle policies to move the data into Glacier for archiving” is incorrect because Snowmobile is mainly used to migrate the entire data of an on-premises data center to AWS. This is not a suitable approach as the company still has a hybrid cloud architecture which means that they will still use their on-premises data center along with their AWS cloud infrastructure.

Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

For more AWS practice exam questions with detailed explanations, check this out:

Tutorials Dojo AWS Practice Exams

Sources: 
https://docs.aws.amazon.com/storagegateway/latest/userguide/
https://aws.amazon.com/storagegateway/features/
https://aws.amazon.com/storagegateway/pricing/
https://aws.amazon.com/storagegateway/faqs/

***

AWS Certifications are consistently among the top paying IT certifications in the world, considering that Amazon Web Services is the leading cloud services platform with almost 50% market share! Earn over $150,000 per year with an AWS certification!

Subscribe to our newsletter and notifications for more helpful AWS cheat sheets and study guides like this and answer as many AWS practice exams as you can.🙂

Enroll Now – AWS Certified Cloud Practitioner Practice Exams

AWS Certified Cloud Practitioner Practice Tests

Enroll Now – AWS Certified Solutions Architect Associate Practice Exams

AWS Certified Solutions Architect Associate

Enroll Now – AWS Certified Developer Associate Practice Exams

AWS Certified Developer Associate Tutorials Dojo

Enroll Now – AWS Certified SysOps Administrator Associate Practice Exams

AWS Certified SysOps Administrator Associate Tutorials Dojo

Enroll Now – AWS Certified Solutions Architect Professional Practice Exams

AWS Certified Solutions Architect Professional Tutorials Dojo

Affordable AWS Educational Materials

Browse Other Courses

Generic Category (English)300x250

Recent Posts