Working with your Amazon DataSync agent's local console
While Amazon fully manages your Amazon DataSync agent once it's deployed, there might be cases where you need to change your agent's settings or troubleshoot an issue. Here are some examples of why you'd work with your agent through its local console:
- Manually assign an IP address to the agent.
- Test your agent's connection to Amazon or a storage system.
- Provide Amazon Web Services Support access to your agent to help with an issue (such as a firewall misconfiguration).
Important
You don't need to use the agent's local console for standard DataSync functionality.
Accessing the agent's local console
How you access the local console depends on the type of agent you're using.
For security reasons, you can't remotely connect to the local console of the DataSync agent virtual machine (VM).
- If this is your first time using the local console, log in with the default credentials. The default user name is admin and the password is password. Otherwise, use your credentials to log in.
  Note
  We recommend changing the default password. You do this by running the passwd command from the local console menu. (Item 5 on the main menu opens the command prompt. For VMware VMs, choose item 6.)
To connect to an Amazon EC2 agent, you must use SSH with the following cryptographic algorithms:
- SSH cipher: aes256-ctr
- Key exchange: diffie-hellman-group14-sha1
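
As an added example (not part of the AWS documentation): OpenSSH clients that no longer offer diffie-hellman-group14-sha1 by default need it enabled explicitly, and pinning it in a per-host ssh_config block keeps the SHA-1 key exchange from being offered to any other server. The host alias, the address, and the use of the admin user name for SSH are assumptions.

```python
import subprocess

# Algorithms the page lists for SSH to an EC2-hosted agent.
REQUIRED = {"cipher": "aes256-ctr", "kex": "diffie-hellman-group14-sha1"}


def missing_algorithms(query_output):
    """query_output maps "cipher"/"kex" to the text printed by `ssh -Q <kind>`.
    Returns the required algorithms the local client was not built with.
    Whole-token matching avoids confusing ...-sha1 with ...-sha256."""
    return [alg for kind, alg in REQUIRED.items()
            if alg not in query_output.get(kind, "").split()]


def query_local_client():
    """Ask the installed OpenSSH client which algorithms it supports."""
    return {kind: subprocess.run(["ssh", "-Q", kind], capture_output=True,
                                 text=True, check=True).stdout
            for kind in REQUIRED}


def host_stanza(alias, address, user="admin"):
    """Render an ssh_config block that pins both algorithms for one host only."""
    return "\n".join([
        f"Host {alias}",
        f"    HostName {address}",
        f"    User {user}",          # assumption: the page's default user name
        f"    Ciphers {REQUIRED['cipher']}",
        f"    KexAlgorithms {REQUIRED['kex']}",
    ]) + "\n"


if __name__ == "__main__":
    gaps = missing_algorithms(query_local_client())
    if gaps:
        raise SystemExit(f"local ssh client lacks: {', '.join(gaps)}")
    # 203.0.113.20 is a constructed documentation address.
    print(host_stanza("datasync-agent", "203.0.113.20"), end="")
```

Append the printed block to ~/.ssh/config and connect with the alias; other hosts keep the client's default algorithm list.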
Getting an agent activation key
If your agent isn't activated yet, you can obtain its activation key from the local console. This option is displayed only until the agent has been activated.
To get an activation key for your agent from the local console
- Log in to your agent's local console.
- On the Amazon DataSync Activation - Configuration main menu, enter 0 to get an activation key.
- Enter the Amazon Web Services Region that your agent will be activated in.
- Enter the service endpoint type that your agent will be using. Options include public, Federal Information Processing Standard (FIPS), and virtual private cloud (VPC) with Amazon PrivateLink.
- The activation key is automatically generated and displayed on screen. Select and copy this value.
- Using the activation key copied from the last step, use the following create-agent CLI command to create and activate the agent:

    $ aws datasync create-agent --agent-name your-new-agent-name --activation-key generated-activation-key

  On successful activation, this command returns something similar to the following.

    { "AgentArn": "arn:aws-cn:datasync:us-west-1:1234567890A:agent/agent-ID" }

  You can also insert the activation key in the DataSync console by using the agent creation wizard.
After the agent is activated, the console menu displays the Agent ID and Amazon Web Services Region. The option for getting an activation key is no longer visible in the console menu.
Configuring your agent's network settings
The default network configuration for the agent is Dynamic Host Configuration Protocol (DHCP). With DHCP, your agent is automatically assigned an IP address. In some cases, you might need to manually assign your agent's IP as a static IP address, as described following.
To configure your agent to use static IP addresses
- Log in to your agent's local console.
- On the Amazon DataSync Activation - Configuration main menu, enter 1 to begin configuring your network.
- On the Network Configuration menu, choose one of the following options.

| To | Do this |
| --- | --- |
| Get information about your network adapter | Enter 1. A list of adapter names appears, and you are prompted to enter an adapter name, for example, eth0. If the adapter you specify is in use, the following information about the adapter is displayed: media access control (MAC) address, IP address, netmask, agent IP address, and DHCP enabled status. You use the same adapter name when you configure a static IP address (option 3) as when you set your agent's default route adapter (option 5). |
| Configure DHCP | Enter 2. You are prompted to configure the network interface to use DHCP. |
| Configure a static IP address for your agent | Enter 3. You are prompted to enter the Network adapter name. Important: If your agent has already been activated, you must shut it down and restart it from the DataSync console for the settings to take effect. |
| Reset all your agent's network configuration to DHCP | Enter 4. All network interfaces are set to use DHCP. Important: If your agent has already been activated, you must shut down and restart your agent from the DataSync console for the settings to take effect. |
| Set your agent's default route adapter | Enter 5. The available adapters for your agent are shown, and you are prompted to choose one of the adapters, for example, eth0. |
| Edit your agent's Domain Name System (DNS) configuration | Enter 6. The available adapters of the primary and secondary DNS servers are displayed. You are prompted to provide the new IP address. |
| View your agent's DNS configuration | Enter 7. The available adapters of the primary and secondary DNS servers are displayed. Note: For some versions of the VMware hypervisor, you can edit the adapter configuration in this menu. |
| View routing tables | Enter 8. The default route of your agent is displayed. |
Testing your agent's connection to Amazon
You can use your agent's local console to test your internet connection. This test can be useful when you are troubleshooting network issues with your agent.
To test your agent's connection to Amazon DataSync endpoints
- Log in to your agent's local console.
- On the Amazon DataSync Activation - Configuration main menu, enter 2 to begin testing network connectivity.
- Enter the service endpoint type that your agent is connecting to. Valid endpoint types include public, FIPS, and VPC endpoints that are using Amazon PrivateLink.
  When the agent is activated, the Test Network Connectivity option can be initiated without any additional user input, because the Region and endpoint type are taken from the activated agent information.
  - To test public endpoint connectivity, enter 1, followed by the Amazon Web Services Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about Amazon Web Services Regions and endpoints, see Where can I use DataSync? Each endpoint in the selected Amazon Web Services Region displays either a PASSED or FAILED message.
  - To test FIPS endpoint connectivity, enter 2, followed by the Amazon Web Services Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about Amazon Web Services Regions and endpoints, see Where can I use DataSync? Each endpoint in the selected Amazon Web Services Region displays either a PASSED or FAILED message.
  - To test VPC connectivity, enter 3. Network connectivity test results for your agent's VPC endpoints are displayed. Each VPC endpoint displays either a PASSED or FAILED message.
For information about network and firewall requirements, see Amazon DataSync network requirements.
Testing your agent's connection to your storage
You can test whether your DataSync agent can connect to the storage involved in your transfer. This test can help verify that you configured your transfer location correctly.
To test your agent's connection to your storage
- Log in to your agent's local console.
- On the Amazon DataSync Activation - Configuration main menu, enter 3.
- Enter one of the following options:
  - Enter 1 to test an NFS server connection.
  - Enter 2 to test an SMB server connection.
  - Enter 3 to test an object storage server connection.
  - Enter 4 to test an HDFS connection.
  - Enter 5 to test a Microsoft Azure Blob Storage connection.
- Enter the IP address or server domain name of the storage server.
  For HDFS, enter the IP address or hostname of the NameNode or DataNode in the Hadoop cluster, followed by the TCP port number.
The connectivity test displays either PASSED or FAILED.
Checking your agent's system resources
When you log in to your agent console, virtual CPU cores, root volume size, and RAM are automatically checked. If there are any errors or warnings, they're flagged on the console menu display with a banner that provides details about those errors or warnings.
If there are no errors or warnings when the console starts, the menu displays white text. The View System Resource Check option will display (0 Errors).
If there are errors or warnings, the console menu displays the number of errors and warnings, in red and yellow respectively, in a banner across the top of the menu. For example, (1 ERROR, 1 WARNING).
To check your agent's system resources
- Log in to your agent's local console.
- On the Amazon DataSync Activation - Configuration main menu, enter 4 to view the results of the system resource check. The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.
  For Amazon EC2 instances, the system resource check verifies that the instance type is one of the instances recommended for use with DataSync. If the instance type matches that list, a single result is displayed in green text, as follows.

    [ OK ] Instance Type Check

  If the Amazon EC2 instance is not on the recommended list, the system resource check verifies the following resources.
  - CPU cores check: At least four cores are required.
  - Disk size check: A minimum of 80 GB of available disk space is required.
  - RAM check: A minimum of 32 GiB of RAM is required for up to 20 million file transfers per task. A minimum of 64 GiB of RAM is required for more than 20 million file transfers per task.
  - CPU flags check: The agent VM CPU must have either SSSE3 or SSE4 instruction set flags.
  If the Amazon EC2 instance is not on the list of recommended instances for DataSync, but it has sufficient resources, the result of the system resource check displays four results, all in green text.
  The same resources are verified for agents deployed in Hyper-V, Linux Kernel-based Virtual Machine (KVM), and VMware VMs.
  VMware agents are also checked for supported version; unsupported versions cause a red banner error. Supported versions include VMware versions 6.5 and 6.7.
Synchronizing the time on your VMware agent
If you are using a VMware VM, you can view Network Time Protocol (NTP) server configurations and synchronize the VM time on your agent with your VMware hypervisor host.
To manage system time
- Log in to your agent's local console.
- On the Amazon DataSync Activation - Configuration main menu, enter 5 to manage your system's time.
- On the System Time Management menu, enter 1 to view and synchronize the VM system time.

| To | Do this |
| --- | --- |
| View and synchronize your VM time with NTP server time | Enter 1. The current time of your agent is displayed. Your agent determines the time difference between your agent VM and your NTP server time, and prompts you to synchronize the agent time with NTP time. After your agent is deployed and running, in some scenarios the agent's time can drift. For example, suppose that there is a prolonged network outage and your hypervisor host and agent don't get time updates. In this case, the agent's time is different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur. |
| Edit your NTP server configuration | Enter 2. You are prompted to provide a preferred and a secondary NTP server. |
| View your NTP server configuration | Enter 3. Your NTP server configuration is displayed. |
Configuring other agent settings
In a DataSync agent's local console, you can perform some maintenance tasks and diagnose issues with your agent.
To run a configuration or diagnostic command in your agent's local console
- Log in to your agent's local console.
- On the Amazon DataSync Activation - Configuration main menu, enter 5 (or 6 for a VMware VM) for the Command Prompt.
- Use the following commands to perform the following tasks with your agent.

| Command | Description |
| --- | --- |
| dig | Look up DNS information about the host. |
| diskclean | Perform disk cleanup. |
| exit | Return to the console configuration menu. |
| h | Display a list of available commands. |
| ifconfig | Display or configure network interfaces. |
| ip | Display or configure routing, devices, and tunnels. |
| iptables | Set up and maintain IPv4 packet filtering and network address translation (NAT). |
| ncport | Test connectivity to a specific network TCP port. |
| nping | Get information to troubleshoot network issues. |
| open-support-channel | Connect the agent to Amazon Web Services Support. |
| save-iptables | Save IP table firewall rules permanently. |
| save-routing-table | Save a newly added routing table entry. |
| sslcheck | Verify whether an SSL certificate is valid. |
| tcptraceroute | Collect traceroute output on TCP traffic to a destination. |

- Follow the onscreen instructions.
Getting help with your agent from Amazon Web Services Support
You can allow Amazon Web Services Support to access your Amazon DataSync agent and assist you with troubleshooting agent issues. By default, Amazon Web Services Support access to DataSync is disabled. You enable this access through the host's local console. To give Amazon Web Services Support access to DataSync, you first log in to the local console for the host and then connect to the support server.
To log in to an agent running on Amazon EC2, create a rule for the instance's security group that opens TCP port 22 for Secure Shell (SSH) access.
Note
If you add a new rule to an existing security group, the new rule applies to all instances that use that security group. For more information about security groups and how to add a security group rule, see Amazon EC2 security groups for Linux instances in the Amazon EC2 User Guide for Linux Instances.
To enable Amazon Web Services Support access to Amazon DataSync
- Log in to your host's local console.
  If this is your first time logging in to the local console, see Accessing the agent's local console.
- At the prompt, enter 5 to open the command prompt (for VMware VMs, use 6).
- Enter h to open the AVAILABLE COMMANDS window.
- In the AVAILABLE COMMANDS window, enter the following to connect to Amazon Web Services Support:

    open-support-channel

  If you are using the agent with VPC endpoints, you must provide a VPC endpoint IP address for your support channel, as follows:

    open-support-channel vpc-ip-address

  Your firewall must allow the outbound TCP port 22 to initiate a support channel to Amazon. When you connect to Amazon Web Services Support, DataSync assigns you a support number. Make a note of your support number.
  Note
  The channel number is not a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port number. Instead, it makes a Secure Shell (SSH) (TCP 22) connection to servers and provides the support channel for the connection.
- When the support channel is established, provide your support service number to Amazon Web Services Support so that they can provide troubleshooting assistance.
- When the support session is finished, press Enter to end it.
- Enter exit to log out of the DataSync local console.
- Follow the prompts to exit the local console.