The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud, giving access to virtually unlimited cloud storage. It seamlessly connects on-premises applications to cloud storage, caching data locally for low-latency access. The service uses industry-standard storage protocols: NFS, SMB and iSCSI. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage. The gateway acts as a file server to local applications.
Three types of storage gateway:
| Gateway type | Purpose | How you use it | Description |
| --- | --- | --- | --- |
| File Gateway | Store files as objects in Amazon S3, with a local cache for low-latency access to your most recently used data. | Configure file shares that are mapped to selected S3 buckets. | Enables you to store and retrieve objects in Amazon S3 using file protocols such as NFS. Objects written through the file gateway can be accessed directly in S3. |
| Tape Gateway | Back up your data to Amazon S3 and archive it in Amazon Glacier using your existing tape-based processes. | Connect your backup application to create and manage tapes. | Provides your backup application with an iSCSI virtual tape library (VTL) interface, consisting of a virtual media changer, virtual tape drives, and virtual tapes. Virtual tape data is stored in Amazon S3 or can be archived to Amazon Glacier. |
| Volume Gateway | Block storage in Amazon S3 with point-in-time backups as Amazon EBS snapshots. | Create and mount volumes as iSCSI devices. | Provides block storage to your applications using the iSCSI protocol. Data on the volumes is stored in Amazon S3. To access your iSCSI volumes in AWS, you can take EBS snapshots, which can be used to create EBS volumes. |
Two types of volume gateway:
| Volume type | Description |
| --- | --- |
| Cached volumes | Low-latency access to your most recently used data. |
| Stored volumes | On-premises data with scheduled offsite backups. |
Gateway hosting platform
A gateway is available as a virtual machine (VM) or as a physical hardware appliance. The hosting platform can be one of the following:
- VMware ESXi
- Microsoft Hyper-V 2008 R2
- Microsoft Hyper-V 2012/2016
- Amazon EC2
- Hardware Appliance
The gateway connects your applications to AWS storage by providing standard storage interfaces. It provides transparent caching, efficient data transfer, and integration with AWS monitoring and security services.
Endpoint type
| Endpoint type | Description |
| --- | --- |
| Public Endpoint | Publicly accessible endpoint |
| VPC Endpoint | Accessible only from within your VPC |
More detail on each gateway type:
File Gateway
File gateway presents a file-based interface to Amazon S3, which appears as a network file share. It enables you to store and retrieve Amazon S3 objects through standard file storage protocols. File gateway allows your existing file-based applications or devices to use secure and durable cloud storage without needing to be modified. With file gateway, your configured S3 buckets will be available as Network File System (NFS) mount points or Server Message Block (SMB) file shares. Your applications read and write files and directories over NFS or SMB, interfacing to the gateway as a file server. In turn, the gateway translates these file operations into object requests on your S3 buckets. Your most recently used data is cached on the gateway for low-latency access, and data transfer between your data center and AWS is fully managed and optimized by the gateway. Once in S3, you can access the objects directly or manage them using features such as S3 Lifecycle Policies, object versioning, and cross-region replication. You can run file gateway on-premises or in EC2.
Use cases for file gateway include:
- Migrating on-premises file data to Amazon S3, while maintaining fast local access to recently accessed data.
- Backing up on-premises file data as objects in Amazon S3 (including Microsoft SQL Server and Oracle databases and logs), with the ability to use S3 capabilities such as lifecycle management, versioning and cross-region replication.
- Hybrid cloud workflows using data generated by on-premises applications for processing by AWS services such as machine learning, big data analytics or serverless functions.
Limit: the maximum file size is 5 TB.
Volume Gateway
Volume gateway provides an iSCSI target, which enables you to create block storage volumes and mount them as iSCSI devices from your on-premises or EC2 application servers. The volume gateway runs in either a cached or stored mode.
- In the cached mode, your primary data is written to S3, while retaining your frequently accessed data locally in a cache for low-latency access.
- In the stored mode, your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS.
In either mode, you can take point-in-time snapshots of your volumes, which are stored as Amazon EBS Snapshots in AWS, enabling you to make space-efficient versioned copies of your volumes for data protection, recovery, migration and various other copy data needs.
Limit: Each volume gateway can support up to 32 volumes. In cached mode, each volume can be up to 32 TB for a maximum of 1 PB of data per gateway (32 volumes, each 32 TB in size). In stored mode, each volume can be up to 16 TB for a maximum of 512 TB of data per gateway (32 volumes, each 16 TB in size).
Tape Gateway
Tape gateway is a cloud-based Virtual Tape Library (VTL). It presents your backup application with a VTL interface, consisting of a media changer and tape drives. You can create virtual tapes in your virtual tape library using the AWS Management Console. Your backup application can read data from or write data to virtual tapes by mounting them to virtual tape drives using the virtual media changer. Virtual tapes are discovered by your backup application using its standard media inventory procedure. Virtual tapes are available for immediate access and are backed by Amazon S3. You can also archive tapes. Archived tapes are stored in Amazon S3 Glacier or Amazon S3 Glacier Deep Archive.
Security and Compliance
Encryption in transit and at rest
All data transferred between any type of gateway appliance and AWS storage is encrypted using SSL. By default, all data stored by AWS Storage Gateway in S3 is encrypted server-side with Amazon S3-Managed Encryption Keys (SSE-S3). Optionally, you can configure the different gateway types to encrypt stored data with AWS Key Management Service (KMS) keys via the Storage Gateway API.
Compliance
AWS Storage Gateway is HIPAA eligible, so it can be used to store, back up and archive protected health information (PHI). It is also compliant with the Payment Card Industry Data Security Standard (PCI DSS) based on recent assessments.
Network privacy
You can run Storage Gateway on a private, non-routable network if that network is connected to your Amazon VPC via Direct Connect (DX) or VPN. Storage Gateway traffic is then routed via VPC endpoints powered by AWS PrivateLink, a technology that enables private connectivity between AWS services using Elastic Network Interfaces (ENIs) with private IPs in your VPCs.
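The two hardening points above (KMS encryption of stored data and keeping traffic on VPC endpoints) can be checked from the gateway's own configuration. The following is an added example, not part of the original notes or of AWS's tooling: it audits a DescribeNFSFileShares response for those two settings plus the share's NFS client list and root squash mode. It assumes the field names of the Storage Gateway API (KMSEncrypted, KMSKey, ClientList, Squash, VPCEndpointDNSName) and works on a constructed sample response, so it runs offline; in practice the JSON would come from `aws storagegateway describe-nfs-file-shares`.

```python
import json
from typing import Dict, List

# Constructed sample shaped like a DescribeNFSFileShares response; field names
# follow the Storage Gateway API, all ARNs and values are made up.
SAMPLE_RESPONSE = json.dumps({"NFSFileShareInfoList": [
    {
        "FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-AAAA0001",
        "KMSEncrypted": True,
        "KMSKey": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
        "ClientList": ["10.20.0.0/24"],
        "Squash": "RootSquash",
        "VPCEndpointDNSName": "vpce-0123456789abcdef0-example.s3.us-east-1.vpce.amazonaws.com",
    },
    {
        "FileShareARN": "arn:aws:storagegateway:us-east-1:111122223333:share/share-BBBB0002",
        "KMSEncrypted": False,
        "ClientList": ["0.0.0.0/0"],
        "Squash": "NoSquash",
    },
]})


def audit_nfs_shares(response_json: str) -> Dict[str, List[str]]:
    """Map each non-compliant FileShareARN to the list of hardening points it misses."""
    findings: Dict[str, List[str]] = {}
    for share in json.loads(response_json).get("NFSFileShareInfoList", []):
        issues: List[str] = []
        # At rest: without KMSEncrypted the objects use the SSE-S3 default, so no
        # customer key policy or CloudTrail key-usage trail applies to them.
        if not (share.get("KMSEncrypted") and share.get("KMSKey")):
            issues.append("not encrypted with a customer-managed KMS key (SSE-S3 default)")
        # Exposure: 0.0.0.0/0 lets any host that reaches the gateway mount the share.
        if "0.0.0.0/0" in share.get("ClientList", []):
            issues.append("ClientList allows 0.0.0.0/0")
        # Privilege: NoSquash lets a remote root user keep root ownership on the share.
        if share.get("Squash") == "NoSquash":
            issues.append("Squash is NoSquash")
        # Network privacy: no VPC endpoint means S3 traffic leaves via public endpoints.
        if not share.get("VPCEndpointDNSName"):
            issues.append("no VPC endpoint configured for S3 traffic")
        if issues:
            findings[share["FileShareARN"]] = issues
    return findings


if __name__ == "__main__":
    for arn, issues in audit_nfs_shares(SAMPLE_RESPONSE).items():
        print(arn, *("  - " + i for i in issues), sep="\n")
```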