Amazon FSx File Gateway is no longer available to new customers. Existing customers of FSx File Gateway can continue to use the service normally. For capabilities similar to FSx File Gateway, visit [this blog post](https://aws.amazon.com/blogs/storage/switch-your-file-share-access-from-amazon-fsx-file-gateway-to-amazon-fsx-for-windows-file-server/). # File Gateway setup requirements Unless otherwise noted, the following requirements are common to all File Gateway types in AWS Storage Gateway. Your setup must meet the requirements in this section. Review the requirements that apply to your gateway setup before you deploy your gateway. **Topics** + [ ## Prerequisites ](#user-requirements) + [ ## Hardware and storage requirements ](#requirements-hardware-storage) + [ ## Network and firewall requirements ](#networks) + [ ## Supported hypervisors and host requirements ](#requirements-host) + [ ## Supported SMB clients for File Gateway ](#requirements-smb-versions) + [ ## Supported file system operations for File Gateway ](#requirements-file-operations) + [ # Managing local disks for your gateway ](ManagingLocalStorage-common.md) ## Prerequisites Before you set up your Amazon FSx File Gateway (FSx File Gateway), you must meet the following prerequisites: + Create and configure an FSx for Windows File Server file system. For instructions, see [Step 1: Create Your File System](https://docs.aws.amazon.com//fsx/latest/WindowsGuide/getting-started-step1.html) in the *Amazon FSx for Windows File Server User Guide*. + Configure Microsoft Active Directory (AD) and create an Active Directory service account with the requisite permissions. For more information, see [Active Directory service account permission requirements](https://docs.aws.amazon.com/filegateway/latest/filefsxw/ad-serviceaccount-permissions.html). + Ensure that there is sufficient network bandwidth between the gateway and AWS. A minimum of 100 Mbps is required to successfully download, activate, and update the gateway. + Configure the connection you want to use for network traffic between AWS and the on-premises environment where you are deploying your gateway. You can connect using the public internet, private networking, a VPN, or Direct Connect. If you want your gateway to communicate AWS through a private connection to an Amazon Virtual Private Cloud, set up the Amazon VPC before you set up your gateway. + Make sure your gateway can resolve the name of your Active Directory Domain Controller. You can use DHCP in your Active Directory domain to handle resolution, or specify a DNS server manually from the Network Configuration settings menu in the gateway local console. ## Hardware and storage requirements The following sections provide information about the minimum required hardware and storage configurations for your gateway, and the minimum amount of disk space to allocate for the required storage. ### Hardware requirements for on-premises VMs Hardware requirements for on-premises VMs When deploying your gateway on-premises, ensure that the underlying hardware on which you deploy the gateway virtual machine (VM) can dedicate the following minimum resources: + Four virtual processors assigned to the VM + 16 GiB of reserved RAM for File Gateways + 80 GiB of disk space for installation of VM image and system data ### Requirements for Amazon EC2 instance types Requirements for Amazon EC2 instance types When deploying your gateway on Amazon Elastic Compute Cloud (Amazon EC2), the instance size must be at least **`xlarge`** for your gateway to function. However, for the compute-optimized instance family the size must be at least **`2xlarge`**. **Note** The Storage Gateway AMI is only compatible with x86-based instances that use Intel or AMD processors. ARM-based instances that use Graviton processors are not supported. Use one of the following instance types recommended for your gateway type. **Recommended for File Gateway types** + General-purpose instance family – **m5, m6, or m7** instance type. Choose the **xlarge** instance size or higher to meet the Storage Gateway processor and RAM requirements. + Compute-optimized instance family – **c5, c6, or c7** instance types. Choose the **2xlarge** instance size or higher to meet the Storage Gateway processor and RAM requirements. + Memory-optimized instance family – **r5, r6, or r7** instance types. Choose the **xlarge** instance size or higher to meet the Storage Gateway processor and RAM requirements. + Storage-optimized instance family – **i3, i4 or i7** instance types. Choose the **xlarge** instance size or higher to meet the Storage Gateway processor and RAM requirements. **Note** When you launch your gateway in Amazon EC2 and the instance type you choose supports ephemeral storage, the disks are listed automatically. For more information about Amazon EC2 instance storage, see [Instance storage](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide.* ### Storage requirements Storage requirements In addition to 80 GiB of disk space for the VM, you also need additional disks for your gateway. | Gateway type | Cache (minimum) | Cache (maximum) | | --- | --- | --- | | File Gateway | 150 GiB | 64 TiB | **Note** You can configure one or more local drives for your cache, up to the maximum capacity. When adding cache to an existing gateway, it's important to create new disks in your host (hypervisor or Amazon EC2 instance). Don't change the size of existing disks if the disks have been previously allocated as a cache. ## Network and firewall requirements Your gateway requires access to the internet, local networks, Domain Name Service (DNS) servers, firewalls, routers, and so on. Network bandwidth requirements vary based on the quantity of data that is uploaded and downloaded by the gateway. A minimum of 100Mbps is required to successfully download, activate, and update the gateway. Your data transfer patterns will determine the bandwidth necessary to support your workload. Following, you can find information about required ports and how to allow access through firewalls and routers. **Note** In some cases, you might deploy your gateway on Amazon EC2 or use other types of deployment (including on-premises) with network security policies that restrict AWS IP address ranges. In these cases, your gateway might experience service connectivity issues when the AWS IP range values changes. The AWS IP address range values that you need to use are in the Amazon service subset for the AWS Region that you activate your gateway in. For the current IP range values, see [AWS IP address ranges](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html) in the *AWS General Reference*. **Topics** + [ ### Port requirements ](#requirements-network) + [ ### Networking and firewall requirements for the Storage Gateway Hardware Appliance ](#appliance-network-requirements) + [ ### Allowing AWS Storage Gateway access through firewalls and routers ](#allow-firewall-gateway-access) + [ ### Configuring security groups for your Amazon EC2 gateway instance ](#EC2GatewayCustomSecurityGroup-common) ### Port requirements Port requirements FSx File Gateway requires specific ports to be allowed through your network security for successful deployment and operation. Some ports are required for all gateways, while others are required only for specific configurations, such as when connecting to VPC endpoints. For FSx File Gateway, you must use Microsoft Active Directory to allow domain users to access a Server Message Block (SMB) file share. You can join your File Gateway to any valid Microsoft Windows domain (resolvable by DNS). You can also use the Directory Service to create an [AWS Managed Microsoft AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) in the Amazon Web Services Cloud. For most AWS Managed Microsoft AD deployments, you need to configure the Dynamic Host Configuration Protocol (DHCP) service for your VPC. For information about creating a DHCP options set, see [Create a DHCP options set](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/dhcp_options_set.html) in the *AWS Directory Service Administration Guide*. The following table lists the necessary ports and describes conditional requirements in the **Notes** column. **Port requirements for FSx File Gateway** | Network Element | From | To | Protocol | Port | Inbound | Outbound | Required | Notes | | --- | --- | --- | --- | --- | --- | --- | --- | --- | | Web browser | Your web browser | Storage Gateway VM | TCP HTTP | 80 | ✓ | ✓ | ✓ | Used by local systems to obtain the Storage Gateway activation key. Port 80 is used only during activation of a Storage Gateway appliance. A Storage Gateway VM doesn't require port 80 to be publicly accessible. The required level of access to port 80 depends on your network configuration. If you activate your gateway from the Storage Gateway Management Console, the host from which you connect to the console must have access to your gateway's port 80. | | Web browser | Storage Gateway VM | AWS | TCP HTTPS | 443 | ✓ | ✓ | ✓ | AWS Management Console (all other operations) | | DNS | Storage Gateway VM | Domain Name Service (DNS) server | TCP & UDP DNS | 53 | ✓ | ✓ | ✓ | Used for communication between a Storage Gateway VM and the DNS server for IP name resolution. | | NTP | Storage Gateway VM | Network Time Protocol (NTP) server | TCP & UDP NTP | 123 | ✓ | ✓ | ✓ | Used by on-premises systems to synchronize VM time to the host time. A Storage Gateway VM is configured to use the following NTP servers: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/filegateway/latest/filefsxw/Requirements.html) Not required for gateways hosted on Amazon EC2. | | Storage Gateway | Storage Gateway VM | Support Endpoint | TCP SSH | 22 | ✓ | ✓ | ✓ | Allows Support to access your gateway to help you with troubleshooting gateway issues. You don't need this port open for the normal operation of your gateway, but it is required for troubleshooting. For a list of support endpoints, see [Support endpoints](https://docs.aws.amazon.com//general/latest/gr/awssupport.html). | | Storage Gateway | Storage Gateway VM | AWS | TCP HTTPS | 443 | ✓ | ✓ | ✓ | Management control | | Amazon CloudFront | Storage Gateway VM | AWS | TCP HTTPS | 443 | ✓ | ✓ | ✓ | For activation | | VPC | Storage Gateway VM | AWS | TCP HTTPS | 443 | ✓ | ✓ | ✓\$1 | Management control \$1Required only when using VPC endpoints | | VPC | Storage Gateway VM | AWS | TCP HTTPS | 1026 | | ✓ | ✓\$1 | Control Plane endpoint \$1Required only when using VPC endpoints | | VPC | Storage Gateway VM | AWS | TCP HTTPS | 1027 | | ✓ | ✓\$1 | Anon Control Plane (for activation) \$1Required only when using VPC endpoints | | VPC | Storage Gateway VM | AWS | TCP HTTPS | 1028 | | ✓ | ✓\$1 | Proxy endpoint \$1Required only when using VPC endpoints | | VPC | Storage Gateway VM | AWS | TCP HTTPS | 1031 | | ✓ | ✓\$1 | Data Plane \$1Required only when using VPC endpoints | | VPC | Storage Gateway VM | AWS | TCP HTTPS | 2222 | | ✓ | ✓\$1 | SSH Support Channel for VPCe \$1Required only for opening support channel when using VPC endpoints | | VPC | Storage Gateway VM | AWS | TCP HTTPS | 443 | ✓ | ✓ | ✓\$1 | Management control \$1Required only when using VPC endpoints | | File share client | SMB Client | Storage Gateway VM | TCP or UDP SMBv3 | 445 | ✓ | ✓ | ✓ | File sharing data transfer session service. Replaces ports 137–139 for Microsoft Windows NT and later. | | Microsoft Active Directory | Storage Gateway VM | Active Directory server | UDP NetBIOS | 137 | ✓ | ✓ | ✓ | Name service | | Microsoft Active Directory | Storage Gateway VM | Active Directory server | UDP NetBIOS | 138 | ✓ | ✓ | ✓ | Datagram service | | Microsoft Active Directory | Storage Gateway VM | Active Directory server | TCP & UDP LDAP | 389 | ✓ | ✓ | ✓ | Directory System Agent (DSA) client connection | | Microsoft Active Directory | Storage Gateway VM | Active Directory server | TCP & UDP Kerberos | 88 | ✓ | ✓ | ✓ | Kerberos | | Microsoft Active Directory | Storage Gateway VM | Active Directory server | TCP Distributed Computing Environment/End Point Mapper (DCE/EMAP) | 135 | ✓ | ✓ | ✓ | RPC | | Amazon FSx connection | Storage Gateway VM | FSx for Windows File Server | TCP or UDP SMBv3 | 445 | ✓ | ✓ | ✓ | File sharing data transfer session service | ### Networking and firewall requirements for the Storage Gateway Hardware Appliance Networking and firewall requirements for the hardware appliance Each Storage Gateway Hardware Appliance requires the following network services: + **Internet access** – an always-on network connection to the internet through any network interface on the server. + **DNS services** – DNS services for communication between the hardware appliance and DNS server. + **Time synchronization** – an automatically configured Amazon NTP time service must be reachable. + **IP address** – A DHCP or static IPv4 address assigned. You cannot assign an IPv6 address. There are five physical network ports at the rear of the Dell PowerEdge R640 server. From left to right (facing the back of the server) these ports are as follows: 1. iDRAC 1. `em1` 1. `em2` 1. `em3` 1. `em4` You can use the iDRAC port for remote server management. ![\[network resources connected to hardware appliance using various ports.\]](http://docs.aws.amazon.com/filegateway/latest/filefsxw/images/ApplianceFirewallRules.png) A hardware appliance requires the following ports to operate. | Protocol | Port | Direction | Source | Destination | Usage | | --- | --- | --- | --- | --- | --- | | SSH | 22 | Outbound | Hardware appliance | `54.201.223.107` | Support channel | | DNS | 53 | Outbound | Hardware appliance | DNS servers | Name resolution | | UDP/NTP | 123 | Outbound | Hardware appliance | \$1.amazon.pool.ntp.org | Time synchronization | | HTTPS | 443 | Outbound | Hardware appliance | `*.amazonaws.com` | Data transfer | | HTTP | 8080 | Inbound | AWS | Hardware appliance | Activation (only briefly) | To perform as designed, a hardware appliance requires network and firewall settings as follows: + Configure all connected network interfaces in the hardware console. + Make sure that each network interface is on a unique subnet. + Provide all connected network interfaces with outbound access to the endpoints listed in the diagram preceding. + Configure at least one network interface to support the hardware appliance. For more information, see [Configuring hardware appliance network parameters](appliance-configure-network.md). **Note** For an illustration showing the back of the server with its ports, see [Physically installing your hardware appliance](appliance-rack-mount.md). All IP addresses on the same network interface (NIC), whether for a gateway or a host, must be on the same subnet. The following illustration shows the addressing scheme. ![\[host IP and service IP on a single subnet sharing one NIC.\]](http://docs.aws.amazon.com/filegateway/latest/filefsxw/images/ApplianceAddressing.png) For more information about activating and configuring a hardware appliance, see [Using the AWS Storage Gateway Hardware Appliance](hardware-appliance.md). ### Allowing AWS Storage Gateway access through firewalls and routers Allowing gateway access through firewall and routers Your gateway requires access to the following Storage Gateway service endpoints to communicate with AWS. During gateway setup, select the endpoint type for your gateway based on your network environment. If you use a firewall or router to filter or limit network traffic, you must configure your firewall and router to allow these service endpoints for outbound communication to AWS. **Note** If you configure private VPC endpoints for your Storage Gateway to use for connection and data transfer to and from AWS, your gateway does not require access to the public internet. For more information, see [Activating a gateway in a virtual private cloud](https://docs.aws.amazon.com/filegateway/latest/filefsxw/gateway-private-link.html). **Important** Replace *region* in the following endpoint examples with the correct AWS Region string for your gateway, such as `us-west-2`. Replace *amzn-s3-demo-bucket* with the actual name of the Amazon S3 bucket in your deployment. You can also use an asterisk (`*`) in place of *amzn-s3-demo-bucket* to create a wildcard entry in your firewall rules, which will allow list the service endpoint for all bucket names. If your gateways are deployed in AWS Regions in the United States or Canada and require Federal Information Processing Standard (FIPS) compliant endpoint connections, replace *s3* with `s3-fips`. #### Endpoint types **Standard endpoints** These endpoints support IPv4 traffic between your gateway appliance and AWS. The following service endpoint is required by all gateways for head-bucket operations. ``` bucket-name.s3.region.amazonaws.com:443 ``` The following service endpoints are required by all gateways for control path (`anon-cp`, `client-cp`, `proxy-app`) and data path (`dp-1`) operations. ``` anon-cp.storagegateway.region.amazonaws.com:443 client-cp.storagegateway.region.amazonaws.com:443 proxy-app.storagegateway.region.amazonaws.com:443 dp-1.storagegateway.region.amazonaws.com:443 ``` The following gateway service endpoint is required to make API calls. ``` storagegateway.region.amazonaws.com:443 ``` The following example is a gateway service endpoint in the US West (Oregon) Region (`us-west-2`). ``` storagegateway.us-west-2.amazonaws.com:443 ``` In addition to the Storage Gateway and Amazon S3 service endpoints, Storage Gateway VMs also require network access to the following NTP servers: ``` time.aws.com 0.amazon.pool.ntp.org 1.amazon.pool.ntp.org 2.amazon.pool.ntp.org 3.amazon.pool.ntp.org ``` For more information about supported AWS Regions and service endpoints, see [Storage Gateway](https://docs.aws.amazon.com/general/latest/gr/sg.html) in the *AWS General Reference*. ### Configuring security groups for your Amazon EC2 gateway instance Configuring security group In AWS Storage Gateway, a security group controls traffic to your Amazon EC2 gateway instance. When you configure a security group, we recommend the following: + The security group should not allow incoming connections from the outside internet. It should allow only instances within the gateway security group to communicate with the gateway. If you need to allow instances to connect to the gateway from outside its security group, we recommend that you allow connections only on port 80 (for activation). + If you want to activate your gateway from an Amazon EC2 host outside the gateway security group, allow incoming connections on port 80 from the IP address of that host. If you cannot determine the activating host's IP address, you can open port 80, activate your gateway, and then close access on port 80 after completing activation. + Allow port 22 access only if you are using Support for troubleshooting purposes. For more information, see [You want Support to help troubleshoot your Amazon EC2 gateway](troubleshooting-EC2-gateway-issues.md#EC2-EnableAWSSupportAccess). ## Supported hypervisors and host requirements You can run Storage Gateway on-premises as either a virtual machine (VM) appliance or a physical hardware appliance, or in AWS as an Amazon EC2 instance. **Note** UEFI boot mode with secure boot disabled (loader\$1secure=no) is required for File Gateway 2.x, Volume Gateway 3.x, and Tape Gateway 3.x. An xml file is provided with each qcow download as a quick set-up configuration. Storage Gateway supports the following hypervisor versions and hosts: + VMware ESXi Hypervisor (version 7.0 or 8.0) – For this setup, you also need a VMware vSphere client to connect to the host. + Microsoft Hyper-V Hypervisor (2019, 2022, or 2025) – For this setup, you need a Microsoft Hyper-V Manager on a Microsoft Windows client computer to connect to the host. + Linux Kernel-based Virtual Machine (KVM) – A free, open-source virtualization technology. KVM is included in all versions of Linux version 2.6.20 and newer. Storage Gateway is tested and supported for the CentOS/RHEL 7.7, RHEL 8.6 Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS distributions. Any other modern Linux distribution may work, but function or performance is not guaranteed. We recommend this option if you already have a KVM environment up and running and you are already familiar with how KVM works. Refer to the provided aws-storage-gateway.xml file for suggested boot configurations. UEFI boot mode with secure boot disabled (loader\$1secure=no) is required for File Gateway 2.x, Volume Gateway 3.x, and Tape Gateway 3.x. + Nutanix AHV (Acropolis Hypervisor) beginning with version 10.0.1.1 – A KVM-based virtualization platform that is integrated into the Nutanix hyper-converged infrastructure (HCI) solution. + Amazon EC2 instance – Storage Gateway provides an Amazon Machine Image (AMI) that contains the gateway VM image. For information about how to deploy a gateway on Amazon EC2, see [Deploy a default Amazon EC2 host for FSx File GatewayDeploy a customized Amazon EC2 host for FSx File Gateway](ec2-gateway-file.md). + Storage Gateway Hardware Appliance – Storage Gateway provides a physical hardware appliance as an on-premises deployment option for locations with limited virtual machine infrastructure. **Note** Storage Gateway doesn’t support recovering a gateway from a VM that was created from a snapshot or clone of another gateway VM or from your Amazon EC2 AMI. If your gateway VM malfunctions, activate a new gateway and recover your data to that gateway. For more information, see [Recovering from an unexpected virtual machine shutdown](best-practices.md#recover-from-gateway-shutdown). Storage Gateway doesn’t support dynamic memory and virtual memory ballooning. ## Supported SMB clients for File Gateway File Gateway supports the following Service Message Block (SMB) clients: + Microsoft Windows Server 2008 R2 and later + Windows desktop versions: 10, 8, and 7. + Windows Terminal Server running on Windows Server 2008 and later **Note** Server Message Block encryption requires clients that support SMB v3.x dialects. ## Supported file system operations for File Gateway Supported file system operations Your SMB client can write, read, delete, and truncate files. When clients send writes to Storage Gateway, it writes to local cache synchronously. Then it writes to Amazon FSx asynchronously through optimized transfers. Reads are first served through the local cache. If data is not available, it's fetched through Amazon FSx as a read-through cache. Writes and reads are optimized in that only the parts that are changed or requested are transferred through your gateway. Deletes remove files from Amazon FSx. # Managing local disks for your gateway Managing local disks The gateway virtual machine (VM) uses the local disks that you allocate on-premises for buffering and storage. A File Gateway that you create on an Amazon EC2 instance will use Amazon EBS volumes as local disks. The number and size of disks that you want to allocate for your gateway is up to you. The gateway uses the cache storage that you allocate to provide low-latency access to your recently accessed data. The cache storage acts as the on-premises durable store for data that is pending upload to Amazon FSx. File Gateways require at least one 150 GiB disk to use as a cache. After the initial configuration and deployment of your gateway, you can add more disks for cache storage as your workload demands increase. This section contains the following topics, which describe concepts and procedures related to managing local disks. **Topics** + [Deciding the amount of local disk storage](decide-local-disks-and-sizes.md) - Learn how to determine the number and size of local cache disks to allocate for your File Gateway. + [Configuring additional cache storage](ConfiguringLocalDiskStorage.md) - Learn how to increase the cache storage capacity of your File Gateway as your application needs change. + [Using ephemeral storage with EC2 gateways](ephemeral-disk-cache.md) - Learn how to prevent data loss when using ephemeral disk storage with File Gateway. # Deciding the amount of local disk storage When deploying an FSx File Gateway, consider how much cache disk to allocate. FSx File Gateway uses a least recently used algorithm to automatically evict data from the cache. The cache on an FSx File Gateway is shared between all of the file shares on that gateway. If you have multiple active shares, it's important to note that heavy utilization on one share could impact the amount of cache resources that another share has access to, possibly impacting performance. When determining how much cache disk you need for a given workload, it's important to note that you can always add cache disk to your gateway (up to the current quotas on FSx File Gateway), but you can't decrease the cache for a given gateway. You can perform a basic analysis on the dataset to determine the right amount of cache disk, but there's not a way to determine exactly how much data is ‘hot,’ and needs to be stored locally, versus ‘cold’ and can be tiered to the cloud. Workloads change over time, and FSx File Gateway provides flexibility and elasticity related to the amount of resources that can be consumed. The amount of cache can always be increased, so starting small and increasing as needed is often the most cost-effective approach. You can use an initial approximation of 150 GiB to provision disks for the cache storage during gateway setup. You can then use Amazon CloudWatch operational metrics to monitor the cache storage usage and provision more storage as needed using the console. For information on using the metrics and setting up alarms, see [Performance and optimization](Performance.md). **Note** Underlying physical storage resources are represented as a data store in VMware. When you deploy the gateway VM, you choose a data store on which to store the VM files. When you provision a local disk (for example, to use as cache storage), you have the option to store the virtual disk in the same data store as the VM or a different data store. If you have more than one data store, we strongly recommend that you choose one data store for the cache storage. A data store that is backed by only one underlying physical disk can lead to poor performance in some situations when it is used to back both the cache storage. This is also true if the backup is a less-performant RAID configuration such as RAID1. # Configuring additional cache storage Add cache storage As your application needs change, you can increase the gateway's cache storage capacity. You can add storage capacity to your gateway without interrupting functionality or causing downtime. When you add more storage, you do so with the gateway VM turned on. **Important** When adding cache to an existing gateway, you must create new disks on the gateway host hypervisor or Amazon EC2 instance. Do not remove or change the size of existing disks that have already been allocated as cache. **To configure additional cache storage for your gateway** 1. Provision one or more new disks on your gateway host hypervisor or Amazon EC2 instance. For information about how to provision a disk on a hypervisor, see your hypervisor's documentation. For information about provisioning Amazon EBS volumes for an Amazon EC2 instance, see [Amazon EBS volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes.html) in the *Amazon Elastic Compute Cloud User Guide for Linux Instances*. In the following steps, you will configure this disk as cache storage. 1. Open the Storage Gateway console at [https://console.aws.amazon.com/storagegateway/home](https://console.aws.amazon.com/storagegateway/). 1. In the navigation pane, choose **Gateways**. 1. Search for your gateway and select it from the list. 1. From the **Actions** menu, choose **Configure cache storage**. 1. In the **Configure cache storage** section, identify the disks you provisioned. If you don't see your disks, choose the refresh icon to refresh the list. For each disk, choose **Cache** from the **Allocated to** drop-down menu. **Note** **Cache** is the only available option for allocating disks on a File Gateway. 1. Choose **Save changes** to save your configuration settings. # Using ephemeral storage with EC2 gateways We do not recommend the use of ephemeral disks for cache storage on FSx File Gateways. Ephemeral disks provide temporary block-level storage for your Amazon EC2 instance. When you launch your gateway with an Amazon EC2 Amazon Machine Image and the instance type you select supports ephemeral storage, the ephemeral disks are listed automatically. You can select one of the disks to store your gateway's cache data. For more information, see [Amazon EC2 instance store](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html) in the *Amazon EC2 User Guide*. Data that applications write to the gateway is stored synchronously in cache on the ephemeral disks, and then asynchronously uploaded to durable storage in FSx for Windows File Server. If the Amazon EC2 instance is stopped after data is written to ephemeral storage, but before an asynchronous upload occurs, any data that has not yet been uploaded to FSx for Windows File Server can be lost. **Important** If you stop and start an Amazon EC2 gateway that uses ephemeral storage, the gateway will be permanently offline. This happens because the physical storage disk is replaced. There is no work-around for this issue. The only resolution is to delete the gateway and activate a new one on a new EC2 instance.