# Creating your gateway
<a name="creating-your-gateway"></a>

The overview sections on this page provide a high-level synopsis of how the Storage Gateway creation process works. For step-by-step procedures to create a specific type of gateway using the Storage Gateway console, see the following topics:
+ [Create and activate an Amazon S3 File Gateway](https://docs.aws.amazon.com/filegateway/latest/files3/create-gateway-file.html)
+ [Create and activate an Amazon FSx File Gateway](https://docs.aws.amazon.com/filegateway/latest/filefsxw/create-gateway-file.html)
+ [Create and activate a Tape Gateway](https://docs.aws.amazon.com/storagegateway/latest/tgw/create-tape-gateway.html)
+ [Create and activate a Volume Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway-volume.html)

**Important**  
Amazon FSx File Gateway is no longer available to new customers. Existing customers of FSx File Gateway can continue to use the service normally. For capabilities similar to FSx File Gateway, visit [this blog post](https://aws.amazon.com/blogs/storage/switch-your-file-share-access-from-amazon-fsx-file-gateway-to-amazon-fsx-for-windows-file-server/).

## Overview - Gateway Activation
<a name="how-it-works-create-gateway-activate"></a>

Gateway activation involves setting up your gateway, connecting it to AWS, then reviewing your settings and activating it.

### Set up gateway
<a name="w2ab1c15b9b5"></a>

To set up your Storage Gateway, you first choose the type of gateway you want to create and the host platform on which you will run the gateway virtual appliance. You then download the gateway virtual appliance template for the platform of your choice and deploy it in your on-premises environment. You can also deploy your Storage Gateway as a physical hardware appliance that you order from your preferred reseller, or as an Amazon EC2 instance in your AWS cloud environment. When you deploy the gateway appliance, you allocate local physical disk space on the virtualization host.

### Connect to AWS
<a name="w2ab1c15b9b7"></a>

The next step is to connect your gateway to AWS. To do this, you first choose the type of service endpoint you want to use for communications between the gateway virtual appliance and AWS services in the cloud. This endpoint can be accessible from the public internet, or only from within your Amazon VPC, where you have full control over the network security configuration. You then specify the gateway's IP address or its activation key, which you can obtain by connecting to the local console on the gateway appliance.

### Review and activate
<a name="w2ab1c15b9b9"></a>

At this point, you'll have an opportunity to review the gateway and connection options you chose, and make changes if necessary. When everything is set up the way you want you can activate the gateway. Before you can start using your activated gateway, you will need to configure some additional settings and create your storage resources.

## Overview - Gateway Configuration
<a name="how-it-works-create-gateway-configure"></a>

After you activate your Storage Gateway, you need to perform some additional configuration. In this step, you allocate the physical storage you provisioned on the gateway host platform to be used as either the cache or the upload buffer by the gateway appliance. You then configure settings to help monitor the health of your gateway using Amazon CloudWatch Logs and CloudWatch alarms, and add tags to help identify the gateway, if desired. Before you can start using your activated and configured gateway, you will need to create your storage resources.

## Overview - Storage Resources
<a name="how-it-works-create-resource"></a>

After you activate and configure your Storage Gateway, you need to create cloud storage resources for it to use. Depending on the type of gateway you created, you will use the Storage Gateway console to create Volumes, Tapes, or Amazon S3 or Amazon FSx files shares to associate with it. Each gateway type uses its respective resources to emulate the related type of network storage infrastructure, and transfers the data you write to it into the AWS cloud.

# Creating a Volume Gateway
<a name="create-volume-gateway"></a>

In this section, you can find instructions on how to download, deploy, and activate a Volume Gateway. 

**Topics**
+ [

## Set up a Volume Gateway
](#set-up-gateway-volume)
+ [

## Connect your Volume Gateway to AWS
](#connect-to-amazon-volume)
+ [

## Review settings and activate your Volume Gateway
](#review-and-activate-volume)
+ [

## Configure your Volume Gateway
](#configure-gateway-volume)

## Set up a Volume Gateway
<a name="set-up-gateway-volume"></a>

**To set up a new Volume Gateway**

1. Open the AWS Management Console at [https://console.aws.amazon.com/storagegateway/home/](https://console.aws.amazon.com/storagegateway/home/), and choose the AWS Region where you want to create your gateway.

1. Choose **Create gateway** to open the **Set up gateway** page.

1. In the **Gateway settings** section, do the following:

   1. For **Gateway name**, enter a name for your gateway. You can search for this name to find your gateway on list pages in the Storage Gateway console.

   1. For **Gateway time zone**, choose the local time zone for the part of the world where you want to deploy your gateway.

1. In the **Gateway options** section, for **Gateway type**, choose **Volume Gateway**, then choose the volume type your gateway will use. You can choose from the following options:
   + **Cached volumes** - Stores your primary data in Amazon S3 and retains frequently accessed data locally in cache for faster access.
   + **Stored volumes** - Stores all of your data locally while also backing it up asynchronously to Amazon S3. Gateways using this volume type cannot be deployed on Amazon EC2.

1. In the **Platform options** section, do the following:

   1. For **Host platform**, choose the platform on which you want to deploy your gateway, then follow the platform-specific instructions displayed on the Storage Gateway console page to set up your host platform. You can choose from the following options:
      + **VMware ESXi** - Download, deploy, and configure the gateway virtual machine using VMware ESXi.
      + **Microsoft Hyper-V** - Download, deploy, and configure the gateway virtual machine using Microsoft Hyper-V.
      + **Linux KVM** - Download, deploy, and configure the gateway virtual machine using Linux KVM. Refer to the provided aws-storage-gateway.xml file for suggested boot configurations. UEFI boot mode with secure boot disabled (loader\$1secure=no) is required for File Gateway 2.x, Volume Gateway 3.x, and Tape Gateway 3.x.
      + **Amazon EC2** - Configure and launch an Amazon EC2 instance to host your gateway. This option is not available for **Stored volume** gateways.
      + **Hardware appliance** - Order a dedicated physical hardware appliance from AWS to host your gateway.

   1. For **Confirm set up gateway**, select the check box to confirm that you performed the deployment steps for the host platform you chose. This step is not applicable for the **Hardware appliance** host platform.

1. Choose **Next** to proceed.

Now that your gateway is set up, you need to choose how you want it to connect and communicate with AWS. For instructions, see [Connect your Volume Gateway to AWS](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#connect-to-amazon-volume).

## Connect your Volume Gateway to AWS
<a name="connect-to-amazon-volume"></a>

**To connect a new Volume Gateway to AWS**

1. Complete the procedure described in [Set up a Volume Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#set-up-gateway-volume) if you have not done so already. When finished, choose **Next** to open the **Connect to AWS** page in the Storage Gateway console.

1. In the **Endpoint options** section, for **Service endpoint**, choose the type of endpoint your gateway will use to communicate with AWS. You can choose from the following options:
   + **Publicly accessible** - Your gateway communicates with AWS over the public internet. If you select this option, use the **FIPS enabled endpoint** check box to specify whether the connection should comply with Federal Information Processing Standards (FIPS).
**Note**  
If you require FIPS 140-2 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS-compliant endpoint. For more information, see [Federal Information Processing Standard (FIPS) 140-2](https://aws.amazon.com/compliance/fips/).  
The FIPS service endpoint is only available in some AWS Regions. For more information, see [Storage Gateway endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/sg.html) in the *AWS General Reference*.
   + **VPC hosted** - Your gateway communicates with AWS through a private connection with your VPC, allowing you to control your network settings. If you select this option, you must specify an existing VPC endpoint by choosing its VPC endpoint ID from the drop-down menu, or by providing its VPC endpoint DNS name or IP address.

1. In the **Gateway connection options** section, for **Connection options**, choose how to identify your gateway to AWS. You can choose from the following options:
   + **IP address** - Provide the IP address of your gateway in the corresponding field. This IP address must be public or accessible from within your current network, and you must be able to connect to it from your web browser.

     You can obtain the gateway IP address by logging into the gateway's local console from your hypervisor client, or by copying it from your Amazon EC2 instance details page.
   + **Activation key** - Provide the activation key for your gateway in the corresponding field. You can generate an activation key using the gateway's local console. Choose this option if your gateway's IP address is unavailable.

1. Choose **Next** to proceed.

Now that you have chosen how you want your gateway to connect to AWS, you need to activate the gateway. For instructions, see [Review settings and activate your Volume Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#review-and-activate-volume).

## Review settings and activate your Volume Gateway
<a name="review-and-activate-volume"></a>

**To activate a new Volume Gateway**

1. Complete the procedures described in the following topics if you have not done so already:
   + [Set up a Volume Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#set-up-gateway-volume)
   + [Connect your Volume Gateway to AWS](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#connect-to-amazon-volume)

   When finished, choose **Next** to open the **Review and activate** page in the Storage Gateway console.

1. Review the initial gateway details for each section on the page.

1. If a section contains errors, choose **Edit** to return to the corresponding settings page and make changes.
**Note**  
You cannot modify the gateway options or connection settings after your gateway is created.

1. Choose **Activate gateway** to proceed.

Now that you have activated your gateway, you need to perform first-time configuration to allocate local storage disks and configure logging. For instructions, see [Configure your Volume Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#configure-gateway-volume).

## Configure your Volume Gateway
<a name="configure-gateway-volume"></a>

**To perform first-time configuration on a new Volume Gateway**

1. Complete the procedures described in the following topics if you have not done so already:
   + [Set up a Volume Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#set-up-gateway-volume)
   + [Connect your Volume Gateway to AWS](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#connect-to-amazon-volume)
   + [Review settings and activate your Volume Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#review-and-activate-volume)

   When finished, choose **Next** to open the **Configure gateway** page in the Storage Gateway console.

1. In the **Configure storage** section, use the drop-down menus to allocate at least one disk with at least **165 GiB** capacity for **CACHE STORAGE**, and at least one disk with at least **150 GiB** capacity for **UPLOAD BUFFER**. The local disks listed in this section correspond to the physical storage that you provisioned on your host platform.

1. In the **CloudWatch log group** section, choose how to set up Amazon CloudWatch Logs to monitor the health of your gateway. You can choose from the following options:
   + **Create a new log group** - Set up a new log group to monitor your gateway.
   + **Use an existing log group** - Choose an existing log group from the corresponding drop-down menu.
   + **Deactivate logging** - Do not use Amazon CloudWatch Logs to monitor your gateway.
**Note**  
To receive Storage Gateway health logs, the following permissions must be present in your log group resource policy. Replace the *highlighted section* with the specific log group resourceArn information for your deployment.  

   ```
   "Sid": "AWSLogDeliveryWrite20150319",
         "Effect": "Allow",
         "Principal": {
           "Service": [
             "delivery.logs.amazonaws.com"
           ]
         },
         "Action": [
           "logs:CreateLogStream",
           "logs:PutLogEvents"
         ],
         "Resource": "arn:aws:logs:eu-west-1:1234567890:log-group:/foo/bar:log-stream:*"
   ```
The "Resource" element is required only if you want the permissions to apply explicitly to an individual log group.

1. In the **CloudWatch alarms** section, choose how to set up Amazon CloudWatch alarms to notify you when gateway metrics deviate from defined limits. You can choose from the following options:
   + **Create Storage Gateway's recommended alarms** – Create all recommended CloudWatch alarms automatically when the gateway is created. For more information about recommended alarms, see [Understanding CloudWatch alarms](https://docs.aws.amazon.com/storagegateway/latest/vgw/Main_monitoring-gateways-common.html#cloudwatch-alarms).
**Note**  
This feature requires CloudWatch policy permissions, which are *not* automatically granted as part of the preconfigured Storage Gateway full access policy. Make sure your security policy grants the following permissions before you attempt to create recommended CloudWatch alarms:  
`cloudwatch:PutMetricAlarm` - create alarms
`cloudwatch:DisableAlarmActions` - turn alarm actions off
`cloudwatch:EnableAlarmActions` - turn alarm actions on
`cloudwatch:DeleteAlarms` - delete alarms
   + **Create a custom alarm** – Configure a new CloudWatch alarm to notify you about your gateway's metrics. Choose **Create alarm** to define metrics and specify alarm actions in the Amazon CloudWatch console. For instructions, see [Using Amazon CloudWatch alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) in the *Amazon CloudWatch User Guide*.
   + **No alarm** – Don't receive CloudWatch notifications about your gateway's metrics.

1. (Optional) In the **Tags** section, choose **Add new tag**, then enter a case-sensitive key-value pair to help you search and filter for your gateway on list pages in the Storage Gateway console. Repeat this step to add as many tags as you need.

1. Choose **Configure** to finish creating your gateway.

   To check the status of your new gateway, search for it on the **Gateway overview** page of the Storage Gateway.

Now that you have created your gateway, you need to create a volume for it to use. For instructions, see [Creating a volume](https://docs.aws.amazon.com/storagegateway/latest/vgw/GettingStartedCreateVolumes.html).

# Creating a storage volume
<a name="GettingStartedCreateVolumes"></a>

Previously, you allocated local disks that you added to the VM cache storage and upload buffer. Now you create a storage volume to which your applications read and write data. The gateway maintains the volume's recently accessed data locally in cache storage, and asynchronously transferred data to Amazon S3. For stored volumes, you allocated local disks that you added to the VM upload buffer and your application's data.

**Note**  
You can use AWS Key Management Service (AWS KMS) to encrypt data written to a cached volume that is stored in Amazon S3. Currently, you can do this by using the *AWS Storage Gateway API Reference*. For more information, see [CreateCachediSCSIVolume](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateCachediSCSIVolume.html) or [create-cached-iscsi-volume](https://docs.aws.amazon.com/cli/latest/reference/storagegateway/create-cached-iscsi-volume.html).

**To create a volume**

1. Open the Storage Gateway console at [https://console.aws.amazon.com/storagegateway/home](https://console.aws.amazon.com/storagegateway/).

1. On the Storage Gateway console, choose **Create volume**.

1. In the **Create volume** dialog box, choose a gateway for **Gateway**. 

1. For the cached volumes, enter the capacity in **Capacity**.

   For stored volumes, choose a **Disk ID** value from the list.

1. For **Volume content**, your choices depend on the type of gateway that you're creating the volume for.

   For cached volumes, you have the following options: 
   + **Create a new empty volume**.
   + **Create a volume based on an Amazon EBS snapshot**. If you choose this option, provide a value for **EBS snapshot ID**.
**Note**  
Storage Gateway does not support creating cached volumes from snapshots of AWS Marketplace volumes.
   + **Clone from last volume recovery point**. If you choose this option, choose a volume ID for **Source volume**. If there are no volumes in the Region, this option doesn't appear.

   For stored volumes, you have the following options: 
   + **Create a new empty volume**. 
   + **Create a volume based on a snapshot**. If you choose this option, provide a value for **EBS snapshot ID**.
   + **Preserve existing data on the disk**

1. Enter a name for **iSCSI target name**.

   The target name can contain lowercase letters, numbers, periods (.), and hyphens (-). This target name appears as the **iSCSI target node** name in the **Targets** tab of the **iSCSI Microsoft initiator** UI after discovery. For example, the name `target1` appears as `iqn.1007-05.com.amazon:target1`. Make sure that the target name is globally unique within your storage area network (SAN). 

1. Verify that the **Network interface** setting has IP address selected, or choose an IP address for **Network interface**. For **Network interface**, one IP address appears for each adapter that is configured for the gateway VM. If the gateway VM is configured for only one network adapter, no **Network interface** list appears because there is only one IP address.

   Your iSCSI target will be available on the network adapter you choose.

   If you have defined your gateway to use multiple network adapters, choose the IP address that your storage applications should use to access your volume. For information about configuring multiple network adapters, see [Configuring Your Gateway for Multiple NICs](NICConfiguring-common.md#MaintenanceMultiNIC-common).
**Note**  
After you choose a network adapter, you can't change this setting. 

1. (Optional) For **Tags**, enter a key and value to add tags to your volume. A tag is a case-sensitive key-value pair that helps you manage, filter, and search for your volumes. 

1. Choose **Create volume**. 

   If you have previously created volumes in this Region, you can see them listed on the Storage Gateway console. 

   The **Configure CHAP Authentication** dialog box appears. At this point, you can configure Challenge-Handshake Authentication Protocol (CHAP) for your volume, or you can choose **Cancel** and configure CHAP later. For more information about CHAP setup, see [Configure CHAP authentication for your volumes](#GettingStartedConfigureChap-stored).

If you don't want to set up CHAP, get started using your volume. For more information, see [Connecting your volumes to your client](GettingStartedAccessVolumes.md).

## Configure CHAP authentication for your volumes
<a name="GettingStartedConfigureChap-stored"></a>

CHAP provides protection against playback attacks by requiring authentication to access your storage volume targets. In the **Configure CHAP Authentication** dialog box, you provide information to configure CHAP for your volumes.

**To configure CHAP**

1. Choose the volume for which you want to configure CHAP.

1. For **Actions**, choose **Configure CHAP authentication**.

1. For **Initiator Name**, enter the name of your initiator.

1. For **Initiator secret**, enter the secret phrase that you used to authenticate your iSCSI initiator.

1. For **Target secret**, enter the secret phrase used to authenticate your target for mutual CHAP.

1. Choose **Save** to save your entries. 

   For more information about setting up CHAP authentication, see [Configuring CHAP Authentication for Your iSCSI Targets](ConfiguringiSCSIClientInitiatorCHAP.md).

**Next step**

[Connecting your volumes to your client](GettingStartedAccessVolumes.md) 

# Connecting your volumes to your client
<a name="GettingStartedAccessVolumes"></a>

You use the iSCSI initiator in your client to connect to your volumes. At the end of the following procedure, the volumes become available as local devices on your client.

**Important**  
With Storage Gateway, you can connect multiple hosts to the same volume if the hosts coordinate access by using Windows Server Failover Clustering (WSFC). You can't connect multiple hosts to the same volume without using WSFC, for example by sharing a nonclustered NTFS/ext4 file system. 

**Topics**
+ [

## Connecting to a Microsoft Windows client
](#issci-windows)
+ [

## Connecting to a Red Hat Enterprise Linux client
](#issci-rhel)

## Connecting to a Microsoft Windows client
<a name="issci-windows"></a>

The following procedure shows a summary of the steps that you follow to connect to a Windows client. For more information, see [Connecting iSCSI Initiators](initiator-connection-common.md).

**To connect to a Windows client**

1. Start iscsicpl.exe.

1. In the **iSCSI Initiator Properties** dialog box, choose the **Discovery** tab, and then choose **Discovery Portal**.

1. In the **Discover Target Portal** dialog box, type the IP address of your iSCSI target for IP address or DNS name. 

1. Connect the new target portal to the storage volume target on the gateway.

1. Choose the target, and then choose **Connect**.

1. In the **Targets** tab, make sure that the target status has the value **Connected**, indicating the target is connected, and then choose **OK**. 

## Connecting to a Red Hat Enterprise Linux client
<a name="issci-rhel"></a>

The following procedure shows a summary of the steps that you follow to connect to a Red Hat Enterprise Linux (RHEL) client. For more information, see [Connecting iSCSI Initiators](initiator-connection-common.md).

**To connect a Linux client to iSCSI targets**

1. Install the iscsi-initiator-utils RPM package.

   You can use the following command to install the package.

   ```
   sudo yum install iscsi-initiator-utils
   ```

1. Make sure that the iSCSI daemon is running.

   For RHEL 5 or 6, use the following command.

   ```
   sudo /etc/init.d/iscsi status
   ```

   For RHEL 7, 8, or 9, use the following command.

   ```
   sudo service iscsid status
   ```

1. Discover the volume or VTL device targets defined for a gateway. Use the following discovery command.

   ```
   sudo /sbin/iscsiadm --mode discovery --type sendtargets --portal [GATEWAY_IP]:3260
   ```

   The output of the discovery command should look like the following example output.

   For Volume Gateways: `[GATEWAY_IP]:3260, 1 iqn.1997-05.com.amazon:myvolume `

   For Tape Gateways: `iqn.1997-05.com.amazon:[GATEWAY_IP]-tapedrive-01`

1. Connect to a target. 

   Make sure to specify the correct *[GATEWAY\$1IP]* and IQN in the connect command.

   Use the following command.

   ```
   sudo /sbin/iscsiadm --mode node --targetname iqn.1997-05.com.amazon:[ISCSI_TARGET_NAME] --portal [GATEWAY_IP]:3260,1 --login
   ```

1. Verify that the volume is attached to the client machine (the initiator). To do so, use the following command.

   ```
   ls -l /dev/disk/by-path
   ```

   The output of the command should look like the following example output.

   `lrwxrwxrwx. 1 root root 9 Apr 16 19:31 ip-[GATEWAY_IP]:3260-iscsi-iqn.1997-05.com.amazon:myvolume-lun-0 -> ../../sda`

   We highly recommend that after you set up your initiator you customize your iSCSI settings as discussed in [Customizing Your Linux iSCSI Settings](recommendediSCSISettings.md#CustomizeLinuxiSCSISettings).

# Initializing and formatting your volume
<a name="format-volume"></a>

After you use the iSCSI initiator in your client to connect to your volumes, you initialize and format your volume.

**Topics**
+ [

## Initializing and formatting your volume on Microsoft Windows
](#format-windows)
+ [

## Initializing and formatting your volume on Red Hat Enterprise Linux
](#format-rhel)

## Initializing and formatting your volume on Microsoft Windows
<a name="format-windows"></a>

Use the following procedure to initialize and format your volume on Windows.<a name="GettingStartedAccessVolumesFormatting"></a>

**To initialize and format your storage volume**

1. Start **diskmgmt.msc** to open the **Disk Management** console.

1. In the **Initialize Disk** dialog box, initialize the volume as a **MBR (Master Boot Record)** partition. When selecting the partition style, you should take into account the type of volume you are connecting to—cached or stored—as shown in the following table.    
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/storagegateway/latest/vgw/format-volume.html)

1. Create a simple volume:

   1. Bring the volume online to initialize it. All the available volumes are displayed in the disk management console. 

   1. Open the context (right-click) menu for the disk, and then choose **New Simple Volume**.
**Important**  
Be careful not to format the wrong disk. Check to make sure that the disk you are formatting matches the size of the local disk you allocated to the gateway VM and that it has a status of **Unallocated**. 

   1. Specify the maximum disk size.

   1. Assign a drive letter or path to your volume, and format the volume by choosing **Perform a quick format**.
**Important**  
We strongly recommend using **Perform a quick format** for cached volumes. Doing so results in less initialization I/O, smaller initial snapshot size, and the fastest time to a usable volume. It also avoids using cached volume space for the full format process.
**Note**  
The time that it takes to format the volume depends on the size of the volume. The process might take several minutes to complete.

## Initializing and formatting your volume on Red Hat Enterprise Linux
<a name="format-rhel"></a>

Use the following procedure to initialize and format your volume on Red Hat Enterprise Linux (RHEL).

**To initialize and format your storage volume**

1. Change directory to the `/dev` folder.

1. Run the `sudo cfdisk` command.

1. Identify your new volume by using the following command. To find new volumes, you can list the partition layout of your volumes.

   `$ lsblk`

   An "unrecognized volumes label" error for the new unpartitioned volume appears.

1. Initialize your new volume. When selecting the partition style, you should take into account the size and type of volume you are connecting to—cached or stored—as shown in the following table.    
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/storagegateway/latest/vgw/format-volume.html)

   For an MBR partition, use the following command: `sudo parted /dev/your volume mklabel msdos`

   For a GPT partition, use the following command: `sudo parted /dev/your volume mklabel gpt`

1. Create a partition by using the following command.

   `sudo parted -a opt /dev/your volume mkpart primary file system 0% 100%`

1. Assign a drive letter to the partition and create a file system by using the following command.

   `sudo mkfs -L datapartition /dev/your volume`

1. Mount the file system by using the following command.

    `sudo mount -o defaults /dev/your volume /mnt/your directory` 

# Testing your gateway
<a name="GettingStartedTestGatewayMain"></a>

You test your Volume Gateway setup by performing the following tasks:

1. Write data to the volume.

1. Take a snapshot.

1. Restore the snapshot to another volume.



You verify the setup for a gateway by taking a snapshot backup of your volume and storing the snapshot in AWS. You then restore the snapshot to a new volume. Your gateway copies the data from the specified snapshot in AWS to the new volume.

**Note**  
Restoring data from Amazon Elastic Block Store (Amazon EBS) volumes that are encrypted is not supported.

**To create an Amazon EBS snapshot of a storage volume on Microsoft Windows**

1. On your Windows computer, copy some data to your mapped storage volume.

   The amount of data copied doesn't matter for this demonstration. A small file is enough to demonstrate the restore process.

1. In the navigation pane of the Storage Gateway console, choose **Volumes**.

1. Choose the storage volume that you created for the gateway.

   This gateway should have only one storage volume. Choose the volume displays its properties.

1. For **Actions**, choose **Create EBS snapshot** to create a snapshot of the volume.

   Depending on the amount of data on the disk and the upload bandwidth, it might take a few seconds to complete the snapshot. Note the volume ID for the volume from which you create a snapshot. You use the ID to find the snapshot.

1. In the **Create EBS Snapshot** dialog box, provide a description for your snapshot.

1. (Optional) For **Tags**, enter a key and value to add tags to the snapshot. A tag is a case-sensitive key-value pair that helps you manage, filter, and search for your snapshots. 

1. Choose **Create Snapshot**. Your snapshot is stored as an Amazon EBS snapshot. Note your snapshot ID. The number of snapshots created for your volume is displayed in the snapshot column.

1. In the **EBS snapshots** column, choose the link for the volume that you created the snapshot for to see your EBS snapshot on the Amazon EC2 console.



**To restore a snapshot to another volume**  
See [Creating a storage volume](GettingStartedCreateVolumes.md).

# Backing up your volumes
<a name="backing-up-volumes"></a>

By using Storage Gateway, you can help protect your on-premises business applications that use Storage Gateway volumes for cloud-backed storage. You can back up your on-premises Storage Gateway volumes using the native snapshot scheduler in Storage Gateway or AWS Backup. In both cases, Storage Gateway volume backups are stored as Amazon EBS snapshots in Amazon Web Services. 

**Topics**
+ [

## Using Storage Gateway to back up your volumes
](#backup-with-sgw)
+ [

## Using AWS Backup to back up your volumes
](#aws-backup-volumes)

## Using Storage Gateway to back up your volumes
<a name="backup-with-sgw"></a>

You can use the Storage Gateway Management Console to back up your volumes by taking Amazon EBS snapshots and storing the snapshots in Amazon Web Services. You can either take a one-time snapshot or set up a snapshot schedule that is managed by Storage Gateway. You can later restore the snapshot to a new volume by using the Storage Gateway console. For information about how to back up and manage your backup from the Storage Gateway, see the following topics:
+ [Testing your gateway](GettingStartedTestGatewayMain.md) 
+ [Creating a recovery snapshot](snapshot.md) 
+ [Cloning a cached volume from a recovery point](clone-volume.md)

## Using AWS Backup to back up your volumes
<a name="aws-backup-volumes"></a>

AWS Backup is a centralized backup service that makes it easy and cost-effective for you to back up your application data across AWS services in both the Amazon Web Services Cloud and on-premises. Doing this helps you meet your business and regulatory backup compliance requirements. AWS Backup makes protecting your AWS storage volumes, databases, and file systems simple by providing a central place where you can do the following: 
+ Configure and audit the AWS resources that you want to back up.
+ Automate backup scheduling.
+ Set retention policies.
+ Monitor all recent backup and restore activity.

Because Storage Gateway integrates with AWS Backup, it lets customers use AWS Backup to back up on-premises business applications that use Storage Gateway volumes for cloud-backed storage. AWS Backup supports backup and restore of both cached and stored volumes. For information about AWS Backup, see the AWS Backup documentation. For information about AWS Backup, see [What is AWS Backup?](https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html) in the *AWS Backup User Guide*. 

You can manage Storage Gateway volumes' backup and recovery operations with AWS Backup and avoid the need to create custom scripts or manually manage point-in-time backups. With AWS Backup, you can also monitor your on-premises volume backups alongside your in-cloud AWS resources from a single AWS Backup dashboard. You can use AWS Backup to either create a one-time on-demand backup or define a backup plan that is managed in AWS Backup.

Storage Gateway volume backups taken from AWS Backup are stored in Amazon S3 as Amazon EBS snapshots. You can see the Storage Gateway volume backups from the AWS Backup console or the Amazon EBS console. 

You can easily restore Storage Gateway volumes that are managed through AWS Backup to any on-premises gateway or in-cloud gateway. You can also restore such a volume to an Amazon EBS volume that you can use with Amazon EC2 instances.

**Benefits of Using AWS Backup to Back Up Storage Gateway Volumes**

The benefits of using AWS Backup to back up Storage Gateway volumes are that you can meet compliance requirements, avoid operational burden, and centralize backup management. AWS Backup allows you to do the following:
+ Set customizable scheduled backup policies that meet your backup requirements.
+ Set backup retention and expiration rules so you no longer need to develop custom scripts or manually manage the point-in-time backups of your volumes. 
+ Manage and monitor backups across multiple gateways, and other AWS resources from a central view.

**To use AWS Backup to create backups of your volumes**
**Note**  
AWS Backup requires that you choose an AWS Identity and Access Management (IAM) role that AWS Backup consumes. You need to create this role because AWS Backup doesn't create it for you. You also need to create a trust relationship between AWS Backup and this IAM role. For information about how to do this, see the *AWS Backup User Guide*. For information about how to do this, see [Creating a Backup Plan](https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-backup-plan.html) in the *AWS Backup User Guide*.

1. Open the Storage Gateway console and choose **Volumes** from the navigation pane at left.

1. For **Actions**, choose **Create on-demand backup with AWS Backup ** or **Create AWS backup plan**.

   If you want to create an on-demand backup of the Storage Gateway volume, choose **Create on-demand backup with AWS Backup**. You are directed the AWS Backup console.

   If you want to create a new AWS Backup plan, choose **Create AWS backup plan**. You are directed to the AWS Backup console.

   On the AWS Backup console, you can create a backup plan, assign a Storage Gateway volume to the backup plan, and create a backup. You can also do ongoing backup management tasks.

### Finding and restoring your volumes from AWS Backup
<a name="find-cryo-snapshots"></a>

You can find and restore your backup Storage Gateway volumes from the AWS Backup console. For more information, see the *AWS Backup User Guide*. For more information, see [Recovery Points](https://docs.aws.amazon.com/aws-backup/latest/devguide/recovery-points.html) in the *AWS Backup User Guide*.

**To find and restore your volumes**

1. Open the AWS Backup console and find the Storage Gateway volume backup that you want to restore. You can restore the Storage Gateway volume backup to an Amazon EBS volume or to a Storage Gateway volume. Choose the appropriate option for your restore requirements.

1. For **Restore type**, choose to restore a stored or cached Storage Gateway volume and provide the required information:
   + For a stored volume, provide the information for **Gateway name**, **Disk ID**, and **iSCSI target name**.
   + For a cached volume, provide the information for **Gateway name**, **Capacity**, and **iSCSI target name**.

1.  Choose **Restore resource** to restore your volume.

**Note**  
You can't use the Amazon EBS console to delete a snapshot that is created by AWS Backup.

# Where do I go from here?
<a name="GettingStartedWhatsNextStep3"></a>

In the preceding sections, you created and provisioned a gateway and then connected your host to the gateway's storage volume. You added data to the gateway's iSCSI volume, took a snapshot of the volume, and restored it to a new volume, connected to the new volume, and verified that the data shows up on it. 

After you finish the exercise, consider the following:
+ If you plan on continuing to use your gateway, read about sizing the upload buffer more appropriately for real-world workloads. For more information, see [Sizing Your Volume Gateway's Storage for Real-World Workloads](#GettingStartedSizingForRealWorld).

Other sections of this guide include information about how to do the following:
+ To learn more about storage volumes and how to manage them, see [Managing Your Volume Gateway](managing-gateway-common.md).
+ If you don't plan on continuing to use your gateway, consider deleting the gateway to avoid incurring any charges. For more information, see [Cleaning up unnecessary resources](best-practices.md#cleanup). 
+ To troubleshoot gateway problems, see [Troubleshooting your gateway](troubleshooting-gateway-issues.md).
+ To optimize your gateway, see [Optimizing gateway performance](Performance.md#Optimizing-common).
+ To learn about Storage Gateway metrics and how you can monitor how your gateway performs, see [Monitoring Storage Gateway](Main_monitoring-gateways-common.md).
+ To learn more about configuring your gateway's iSCSI targets to store data, see [Connecting to your volumes from a Windows client](ConfiguringiSCSIClient.md).

To learn about sizing your Volume Gateway's storage for real-world workloads and cleaning up resources you don't need, see the following sections.

## Sizing Your Volume Gateway's Storage for Real-World Workloads
<a name="GettingStartedSizingForRealWorld"></a>

By this point, you have a simple, working gateway. However, the assumptions used to create this gateway are not appropriate for real-world workloads. If you want to use this gateway for real-world workloads, you need to do two things: 

1. Size your upload buffer appropriately.

1. Set up monitoring for your upload buffer, if you haven't done so already.

Following, you can find how to do both of these tasks. If you activated a gateway for cached volumes, you also need to size your cache storage for real-world workloads.

**To size your upload buffer and cache storage for a gateway-cached setup**
+ Use the formula shown in [Determining the size of upload buffer to allocate](decide-local-disks-and-sizes.md#CachedLocalDiskUploadBufferSizing-common) for sizing the upload buffer. We strongly recommend that you allocate at least 150 GiB for the upload buffer. If the upload buffer formula yields a value less than 150 GiB, use 150 GiB as your allocated upload buffer.

  The upload buffer formula takes into account the difference between throughput from your application to your gateway and throughput from your gateway to AWS, multiplied by how long you expect to write data. For example, assume that your applications write text data to your gateway at a rate of 40 MB per second for 12 hours a day and your network throughput is 12 MB per second. Assuming a compression factor of 2:1 for the text data, the formula specifies that you need to allocate approximately 675 GiB of upload buffer space.

**To size your upload buffer for a stored setup**
+ Use the formula discussed in [Determining the size of upload buffer to allocate](decide-local-disks-and-sizes.md#CachedLocalDiskUploadBufferSizing-common). We strongly recommend that you allocate at least 150 GiB for your upload buffer. If the upload buffer formula yields a value less than 150 GiB, use 150 GiB as your allocated upload buffer.

  The upload buffer formula takes into account the difference between throughput from your application to your gateway and throughput from your gateway to AWS, multiplied by how long you expect to write data. For example, assume that your applications write text data to your gateway at a rate of 40 MB per second for 12 hours a day and your network throughput is 12 MB per second. Assuming a compression factor of 2:1 for the text data, the formula specifies that you need to allocate approximately 675 GiB of upload buffer space.

**To monitor your upload buffer**

1. Open the Storage Gateway console at [https://console.aws.amazon.com/storagegateway/home](https://console.aws.amazon.com/storagegateway/).

1. Choose the **Gateway** tab, choose the **Details** tab, and then find the **Upload Buffer Used** field to view your gateway's current upload buffer.

1. Set one or more alarms to notify you about upload buffer use.

   We highly recommend that you create one or more upload buffer alarms in the Amazon CloudWatch console. For example, you can set an alarm for a level of use you want to be warned about and an alarm for a level of use that, if exceeded, is cause for action. The action might be adding more upload buffer space. For more information, see [To set an upper threshold alarm for a gateway's upload buffer](PerfUploadBuffer-common.md#GatewayAlarm1-common).

# Activating your gateway in a virtual private cloud
<a name="gateway-private-link"></a>

You can create a private connection between your on-premises gateway appliance and cloud-based storage infrastructure. You can use this connection to activate your gateway and allow it to transfer data to AWS storage services without communicating over the public internet. Using the Amazon VPC service, you can launch AWS resources, including private network interface endpoints, in a custom virtual private cloud (VPC). A VPC gives you control over network settings such as IP address range, subnets, route tables, and network gateways. For more information about VPCs, see [What is Amazon VPC?](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html) in the *Amazon VPC User Guide*.

To activate your gateway in a VPC, use the Amazon VPC Console to create a VPC endpoint for Storage Gateway and get the VPC endpoint ID, then specify this VPC endpoint ID when you create and activate the gateway. For more information, see [Connect your Volume Gateway to AWS](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html#connect-to-amazon-volume).

**Note**  
You must activate your gateway in the same region where you create the VPC endpoint for Storage Gateway

**Topics**
+ [

## Creating a VPC endpoint for Storage Gateway
](#create-vpc-endpoint)

## Creating a VPC endpoint for Storage Gateway
<a name="create-vpc-endpoint"></a>

Follow these instructions to create a VPC endpoint. If you already have a VPC endpoint for Storage Gateway, you can use it to activate your gateway.<a name="create-vpc-steps"></a>

**To create a VPC endpoint for Storage Gateway**

1. Sign in to the AWS Management Console and open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Endpoints**, and then choose **Create Endpoint**.

1. On the **Create Endpoint** page, choose **AWS Services** for **Service category**.

1. For **Service Name**, choose `com.amazonaws.region.storagegateway`. For example `com.amazonaws.us-east-2.storagegateway`.

1. For **VPC**, choose your VPC and note its Availability Zones and subnets.

1. Verify that **Enable Private DNS Name** is not selected.

1. For **Security group**, choose the security group that you want to use for your VPC. You can accept the default security group. Verify that all of the following TCP ports are allowed in your security group:
   + TCP 443
   + TCP 1026
   + TCP 1027
   + TCP 1028
   + TCP 1031
   + TCP 2222

1. Choose **Create endpoint**. The initial state of the endpoint is **pending**. When the endpoint is created, note the ID of the VPC endpoint that you just created.

1. When the endpoint is created, choose **Endpoints**, then choose the new VPC endpoint.

1. In **Details** tab of the selected storage gateway endpoint, under **DNS Names**, use the first DNS name that doesn't specify an Availability Zone. Your DNS name look similar to this: `vpce-1234567e1c24a1fe9-62qntt8k.storagegateway.us-east-1.vpce.amazonaws.com `

Now that you have a VPC endpoint, you can create your gateway. For more information, see [Creating a Gateway](https://docs.aws.amazon.com/storagegateway/latest/vgw/create-volume-gateway.html).