Working with your Amazon DataSync agent's local console - Amazon DataSync
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Working with your Amazon DataSync agent's local console

Although Amazon manages your Amazon DataSync agents, you can still work with an agent if needed through its local console. For example, you might need to manually assign an agent's IP address or run a network test. You also can allow Amazon Web Services Support access to your agent to help with troubleshooting an issue (such as a firewall misconfiguration).

Tip

You don't need to use the agent's local console for standard DataSync functionality.

Logging in to the agent local console

For security reasons, you can't remotely connect to the local console of the DataSync agent virtual machine (VM).

To log in to the agent's local console
  • If this is your first time using the local console, log in with the default credentials. The default user name is admin and the password is password. Otherwise, use your credentials to log in.

    Note

    We recommend changing the default password. You do this by running the passwd command from the local console menu. (Item 5 on the main menu opens the command prompt. For VMware VMs, choose item 6.) For information about how to run the command, see Configuring the agent through its local console.

Obtaining an activation key by using the local console

If your agent isn't activated yet, you can obtain its activation key from the local console. This option is displayed only until the agent has been activated.

To get an activation key for your agent from the local console
  1. Log in to your agent's local console.

  2. On the Amazon DataSync Activation - Configuration main menu, enter 0 to get an activation key.

  3. Enter the Amazon Web Services Region that your agent will be activated in.

  4. Enter the service endpoint type that your agent will be using. Options include public, Federal Information Processing Standard (FIPS), and virtual private cloud (VPC) with Amazon PrivateLink.

  5. The activation key is automatically generated and displayed on screen. Select and copy this value.

  6. Using the activation key copied from the last step, use the following create-agent CLI command to create and activate the agent:

    $ aws datasync create-agent --agent-name your-new-agent-name --activation-key generated-activation-key

    On successful activation, this command returns something similar to the following.

    { "AgentArn": "arn:aws-cn:datasync:us-west-1:1234567890A:agent/agent-ID" }

    You can also insert the activation key in the DataSync console by using the agent creation wizard.

    After the agent is activated, the console menu displays the Agent ID and Amazon Web Services Region. The option for getting an activation key is no longer visible in the console menu.

Configuring your agent network settings

The default network configuration for the agent is Dynamic Host Configuration Protocol (DHCP). With DHCP, your agent is automatically assigned an IP address. In some cases, you might need to manually assign your agent's IP as a static IP address, as described following.

To configure your agent to use static IP addresses
  1. Log in to your agent's local console.

  2. On the Amazon DataSync Activation - Configuration main menu, enter 1 to begin configuring your network.

  3. On the Network Configuration menu, choose one of the following options.

    To Do this
    Get information about your network adapter

    Enter 1.

    A list of adapter names appears, and you are prompted to enter an adapter name—for example, eth0. If the adapter you specify is in use, the following information about the adapter is displayed:

    • Media access control (MAC) address

    • IP address

    • Netmask

    • Agent IP address

    • DHCP enabled status

    You use the same adapter name when you configure a static IP address (option 3) as when you set your agent's default route adapter (option 5).

    Configure DHCP

    Enter 2.

    You are prompted to configure the network interface to use DHCP.

    Configure a static IP address for your agent

    Enter 3.

    You are prompted to enter the Network adapter name.

    Important

    If your agent has already been activated, you must shut it down and restart it from the DataSync console for the settings to take effect.

    Reset all your agent's network configuration to DHCP

    Enter 4.

    All network interfaces are set to use DHCP.

    Important

    If your agent has already been activated, you must shut down and restart your agent from the DataSync console for the settings to take effect.

    Set your agent's default route adapter

    Enter 5.

    The available adapters for your agent are shown, and you are prompted to choose one of the adapters—for example, eth0.

    Edit your agent's Domain Name System (DNS) configuration

    Enter 6.

    The available adapters of the primary and secondary DNS servers are displayed. You are prompted to provide the new IP address.
    View your agent's DNS configuration

    Enter 7.

    The available adapters of the primary and secondary DNS servers are displayed.

    Note

    For some versions of the VMware hypervisor, you can edit the adapter configuration in this menu.

    View routing tables

    Enter 8.

    The default route of your agent is displayed.

Testing your agent's connection to DataSync endpoints

You can use your agent's local console to test your internet connection. This test can be useful when you are troubleshooting network issues with your agent.

To test your agent's connection to Amazon DataSync endpoints
  1. Log in to your agent's local console.

  2. On the Amazon DataSync Activation - Configuration main menu, enter 2 to begin testing network connectivity.

  3. Enter the service endpoint type that your agent is connecting to. Valid endpoint types include public, FIPS, and VPC endpoints that are using Amazon PrivateLink.

    When the agent is activated, the Test Network Connectivity option can be initiated without any additional user input, because the Region and endpoint type are taken from the activated agent information.

    1. To test public endpoint connectivity, enter 1, followed by the Amazon Web Services Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about Amazon Web Services Regions and endpoints, see Where can I use DataSync?.

      Each endpoint in the selected Amazon Web Services Region displays either a PASSED or FAILED message.

    2. To test FIPS endpoint connectivity, enter 2, followed by the Amazon Web Services Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about Amazon Web Services Regions and endpoints, see Where can I use DataSync?.

      Each endpoint in the selected Amazon Web Services Region displays either a PASSED or FAILED message.

    3. To test VPC connectivity, enter 3. Network connectivity test results for your agent's VPC endpoints are displayed.

      Each VPC endpoint displays either a PASSED or FAILED message.

For information about network and firewall requirements, see Amazon DataSync network requirements.

Testing connectivity to storage systems

You can use the console to test connectivity to storage systems involved in your transfer, including Network File System (NFS), Server Message Block (SMB), Hadoop Distributed File System (HDFS), or object storage servers.

To test connectivity to storage systems
  1. Log in to your agent's local console.

  2. On the Amazon DataSync Activation - Configuration main menu, enter 3 to begin network testing.

  3. Choose the location type that you're testing by using one of the following options.

    1. Enter 1 to test an NFS server connection.

    2. Enter 2 to test an SMB server connection.

    3. Enter 3 to test an object storage server connection.

    4. Enter 4 to test an HDFS connection.

  4. Enter the IP address or server domain name of the storage server.

    For HDFS, enter the IP address or hostname of the NameNode or DataNode in the Hadoop cluster, followed by the TCP port number.

Connectivity test results, either PASSED or FAILED, are displayed for the specified server, along with the IP address and port of the tested server.

Viewing your agent system resource status

When you log in to your agent console, virtual CPU cores, root volume size, and RAM are automatically checked. If there are any errors or warnings, they're flagged on the console menu display with a banner that provides details about those errors or warnings.

If there are no errors or warnings when the console starts, the menu displays white text. The View System Resource Check option will display (0 Errors).

If there are errors or warnings, the console menu displays the number of errors and warnings, in red and yellow respectively, in a banner across the top of the menu. For example, (1 ERROR, 1 WARNING).

To view the status of a system resource check
  1. Log in to your agent's local console.

  2. On the Amazon DataSync Activation - Configuration main menu, enter 4 to view the results of the system resource check.

    The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.

    For Amazon EC2 instances, the system resource check verifies that the instance type is one of the instances recommended for use with DataSync. If the instance type matches that list, a single result is displayed in green text, as follows.

    [ OK ] Instance Type Check

    If the Amazon EC2 instance is not on the recommended list, the system resource check verifies the following resources.

    • CPU cores check: At least four cores are required.

    • Disk size check: A minimum of 80 GB of available disk space is required.

    • RAM check: A minimum of 32 GiB of RAM is required for up to 20 million file transfers per task. A minimum of 64 GiB of RAM is required for more than 20 million file transfers per task.

    • CPU flags check: The agent VM CPU must have either SSSE3 or SSE4 instruction set flags.

    If the Amazon EC2 instance is not on the list of recommended instances for DataSync, but it has sufficient resources, the result of the system resource check displays four results, all in green text.

    The same resources are verified for agents deployed in Hyper-V, Linux Kernel-based Virtual Machine (KVM), and VMware VMs.

    VMware agents are also checked for supported version; unsupported versions cause a red banner error. Supported versions include VMware versions 6.5 and 6.7.

Configuring a Network Time Protocol (NTP) server for VMware agents

If you are using a VMware VM, you can view Network Time Protocol (NTP) server configurations and synchronize the VM time on your agent with your VMware hypervisor host.

To manage system time
  1. Log in to your agent's local console.

  2. On the Amazon DataSync Activation - Configuration main menu, enter 5 to manage your system's time.

  3. On the System Time Management menu, enter 1 to view and synchronize the VM system time.

    To Do this
    View and synchronize your VM time with NTP server time

    Enter 1.

    The current time of your agent is displayed. Your agent determines the time difference between your agent VM and your NTP server time, and prompts you to synchronize the agent time with NTP time.

    After your agent is deployed and running, in some scenarios the agent's time can drift. For example, suppose that there is a prolonged network outage and your hypervisor host and agent don't get time updates. In this case, the agent's time is different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur.

    Edit your NTP server configuration

    Enter 2.

    You are prompted to provide a preferred and a secondary NTP server.

    View your NTP server configuration

    Enter 3.

    Your NTP server configuration is displayed.

Configuring the agent through its local console

In a DataSync agent's local console, you can perform some maintenance tasks and diagnose issues with your agent.

To run a configuration or diagnostic command in your agent's local console
  1. Log in to your agent's local console.

  2. On the Amazon DataSync Activation - Configuration main menu, enter 5 (or for 6 a VMware VM) for the Command Prompt.

  3. Use the following commands to perform the following tasks with your agent.

    Command Description
    dig Look up DNS information about the host.
    diskclean Perform disk cleanup.
    exit Return to the console configuration menu.
    h Display a list of available commands.
    ifconfig Display or configure network interfaces.
    ip Display or configure routing, devices, and tunnels.
    iptables Set up and maintain IPv4 packet filtering and network address translation (NAT).
    ncport Test connectivity to a specific network TCP port.
    nping Get information to troubleshoot network issues.
    open-support-channel Connect the agent to Amazon Web Services Support.
    save-iptables Save IP table firewall rules permanently.
    save-routing-table Save a newly added routing table entry.
    sslcheck Verify whether an SSL certificate is valid.
    tcptraceroute Collect traceroute output on TCP traffic to a destination.
  4. Follow the onscreen instructions.

Getting help with your agent from Amazon Web Services Support

You can allow Amazon Web Services Support to access your Amazon DataSync agent and assist you with troubleshooting agent issues. By default, Amazon Web Services Support access to DataSync is disabled. You enable this access through the host's local console. To give Amazon Web Services Support access to DataSync, you first log in to the local console for the host and then connect to the support server.

To log in to an agent running on Amazon EC2, create a rule for the instance's security group that opens TCP port 22 for Secure Shell (SSH) access.

Note

If you add a new rule to an existing security group, the new rule applies to all instances that use that security group. For more information about security groups and how to add a security group rule, see Amazon EC2 security groups for Linux instances in the Amazon EC2 User Guide for Linux Instances.

To enable Amazon Web Services Support access to Amazon DataSync
  1. Log in to your host's local console.

    If this is your first time logging in to the local console, see Logging in to the agent local console.

  2. At the prompt, enter 5 to open the command prompt (for VMware VMs, use 6).

  3. Enter h to open the AVAILABLE COMMANDS window.

  4. In the AVAILABLE COMMANDS window, enter the following to connect to Amazon Web Services Support:

    open-support-channel

    If you are using the agent with VPC endpoints, you must provide a VPC endpoint IP address for your support channel, as follows:

    open-support-channel vpc-ip-address

    Your firewall must allow the outbound TCP port 22 to initiate a support channel to Amazon. When you connect to Amazon Web Services Support, DataSync assigns you a support number. Make a note of your support number.

    Note

    The channel number is not a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port number. Instead, it makes a Secure Shell (SSH) (TCP 22) connection to servers and provides the support channel for the connection.

  5. When the support channel is established, provide your support service number to Amazon Web Services Support so that they can provide troubleshooting assistance.

  6. When the support session is finished, press Enter to end it.

  7. Enter exit to log out of the DataSync local console.

  8. Follow the prompts to exit the local console.