Performing Tasks on the VM Local Console - Amazon Storage Gateway
Logging in to the Local Console Using Default CredentialsSetting the Local Console Password from the Storage Gateway ConsoleRouting Your On-Premises Gateway Through a ProxyConfiguring Your Gateway NetworkTesting Your Gateway Connectivity to the InternetSynchronizing Your Gateway VM TimeRunning Storage Gateway Commands on the Local ConsoleViewing Your Gateway System Resource StatusConfiguring Network Adapters for Your Gateway
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon S3 File Gateway documentation has been moved to What is Amazon S3 File Gateway?

Amazon FSx File Gateway documentation has been moved to What is Amazon FSx File Gateway?

Volume Gateway documentation has been moved to What is Volume Gateway?

Performing Tasks on the VM Local Console

For a gateway deployed on-premises, you can perform the following maintenance tasks using the VM host's local console. These tasks are common to VMware, Hyper-V, and Linux Kernel-based Virtual Machine (KVM) hosts.

Logging in to the Local Console Using Default Credentials

When the VM is ready for you to log in, the login screen is displayed. If this is your first time logging in to the local console, you use the default sign-in credentials to log in. These default login credentials give you access to menus where you can configure gateway network settings and change the password from the local console. Storage Gateway allows you to set your own password from the Amazon Storage Gateway console instead of changing the password from the local console. You don't need to know the default password to set a new password. For more information, see Setting the Local Console Password from the Storage Gateway Console.

To log in to the gateway's local console

  1. If this is your first time logging in to the local console, log in to the VM with the default credentials. The default user name is admin and the password is password.

    Otherwise, use your credentials to log in.

    Note

    We recommend changing the default password by entering the corresponding numeral for Gateway Console from the Amazon Appliance Activation - Configuration main menu, then running the passwd command. For information about how to run the command, see Running Storage Gateway Commands on the Local Console. You can also set your own password from the Amazon Storage Gateway console. For more information, see Setting the Local Console Password from the Storage Gateway Console.

    Important

    For older versions of the volume or Tape Gateway, the user name is sguser and the password is sgpassword. If you reset your password and your gateway is updated to a newer version, your the user name will change to admin but the password will be maintained.

  2. After you log in, you see the Amazon Storage Gateway Configuration main menu, from which you can perform various tasks.

    To Learn About This Task See This Topic
    Configure a SOCKS proxy for your gateway Routing Your On-Premises Gateway Through a Proxy.
    Configure your network Configuring Your Gateway Network.
    Test network connectivity Testing Your Gateway Connection to the Internet.
    Manage VM time Synchronizing Your Gateway VM Time.
    Run Storage Gateway console commands Running Storage Gateway Commands on the Local Console.
    View system resource check Viewing Your Gateway System Resource Status.

To shut down the gateway, enter 0.

To exit the configuration session, enter X.

Setting the Local Console Password from the Storage Gateway Console

When you log in to the local console for the first time, you log in to the VM with the default credentials— The user name is admin and the password is password. We recommend that you always set a new password immediately after you create your new gateway. You can set this password from the Amazon Storage Gateway console rather than the local console if you want. You don't need to know the default password to set a new password.

To set the local console password on the Storage Gateway console

  1. Open the Storage Gateway console at https://console.amazonaws.cn/storagegateway/home.

  2. On the navigation pane, choose Gateways then choose the gateway for which you want to set a new password.

  3. For Actions, choose Set Local Console Password.

  4. In the Set Local Console Password dialog box, type a new password, confirm the password and then choose Save. Your new password replaces the default password. Storage Gateway does not save the password but rather safely transmits it to the VM.

    Note

    The password can consist of any character on the keyboard and can be 1 to 512 characters long.

Routing Your On-Premises Gateway Through a Proxy

Volume Gateways and Tape Gateways support configuration of a Socket Secure version 5 (SOCKS5) proxy between your on-premises gateway and Amazon.

Note

The only supported proxy configuration is SOCKS5.

If your gateway must use a proxy server to communicate to the internet, then you need to configure the SOCKS proxy settings for your gateway. You do this by specifying an IP address and port number for the host running your proxy. After you do so, Storage Gateway routes all traffic through your proxy server. For information about network requirements for your gateway, see Network and firewall requirements.

The following procedure shows you how to configure SOCKS proxy for Volume Gateway and Tape Gateway.

To configure a SOCKS5 proxy for volume and Tape Gateways

  1. Log in to your gateway's local console.

  2. From the Amazon Storage Gateway - Configuration main menu, enter the corresponding numeral to select SOCKS Proxy Configuration.

  3. From the Amazon Storage Gateway SOCKS Proxy Configuration menu, enter the corresponding numeral to perform one of the following tasks:

    To Perform This Task Do This
    Configure a SOCKS proxy

    Enter the corresponding numeral to select Configure SOCKS Proxy.

    You will need to supply a host name and port to complete configuration.
    View the current SOCKS proxy configuration

    Enter the corresponding numeral to select View Current SOCKS Proxy Configuration.

    If a SOCKS proxy is not configured, the message SOCKS Proxy not configured is displayed. If a SOCKS proxy is configured, the host name and port of the proxy are displayed.
    Remove a SOCKS proxy configuration

    Enter the corresponding numeral to select Remove SOCKS Proxy Configuration.

    The message SOCKS Proxy Configuration Removed is displayed.

  4. Restart your VM to apply your HTTP configuration.

Configuring Your Gateway Network

The default network configuration for the gateway is Dynamic Host Configuration Protocol (DHCP). With DHCP, your gateway is automatically assigned an IP address. In some cases, you might need to manually assign your gateway's IP as a static IP address, as described following.

To configure your gateway to use static IP addresses

  1. Log in to your gateway's local console.

  2. From the Amazon Storage Gateway - Configuration main menu, enter the corresponding numeral to select Network Configuration.

  3. From the Amazon Storage Gateway Network Configuration menu, perform one of the following tasks:

    To Perform This Task Do This
    Describe network adapter

    Enter the corresponding numeral to select Describe Adapter.

    A list of adapter names appears, and you are prompted to type an adapter name—for example, eth0. If the adapter you specify is in use, the following information about the adapter is displayed:

    • Media access control (MAC) address

    • IP address

    • Netmask

    • Gateway IP address

    • DHCP activated status

    You use the adapter names listed here when you configure a static IP address or set your gateway's default adapter.
    Configure DHCP

    Enter the corresponding numeral to select Configure DHCP.

    You are prompted to configure network interface to use DHCP.
    Configure a static IP address for your gateway

    Enter the corresponding numeral to select Configure Static IP.

    You are prompted to type the following information to configure a static IP:

    • Network adapter name

    • IP address

    • Netmask

    • Default gateway address

    • Primary Domain Name Service (DNS) address

    • Secondary DNS address

    Important

    If your gateway has already been activated, you must shut it down and restart it from the Storage Gateway console for the settings to take effect. For more information, see Shutting Down Your Gateway VM.

    If your gateway uses more than one network interface, you must set all activated interfaces to use DHCP or static IP addresses.

    For example, suppose your gateway VM uses two interfaces configured as DHCP. If you later set one interface to a static IP, the other interface is deactivated. To activate the interface in this case, you must set it to a static IP.

    If both interfaces are initially set to use static IP addresses and you then set the gateway to use DHCP, both interfaces will use DHCP.
    Configure a hostname for your gateway

    Enter the corresponding numeral to select Configure Hostname.

    You are prompted to choose whether the gateway will use a static hostname that you specify, or aquire one automatically through DCHP or rDNS.

    If you select Static, you are prompted to provide a static hostname, such as testgateway.example.com. Enter y to apply the configuration.

    Note

    If you configure a static hostname for your gateway, ensure that the provided hostname is in the domain that gateway is joined to. You must also create an A record in your DNS system that points the gateway's IP address to its static hostname.
    Reset all your gateway's network configuration to DHCP

    Enter the corresponding numeral to select Reset all to DHCP.

    All network interfaces are set to use DHCP.

    Important

    If your gateway has already been activated, you must shut down and restart your gateway from the Storage Gateway console for the settings to take effect. For more information, see Shutting Down Your Gateway VM.
    Set your gateway's default route adapter

    Enter the corresponding numeral to select Set Default Adapter.

    The available adapters for your gateway are shown, and you are prompted to select one of the adapters—for example, eth0.
    View your gateway's DNS configuration

    Enter the corresponding numeral to select View DNS Configuration.

    The IP addresses of the primary and secondary DNS name servers are displayed.
    View routing tables

    Enter the corresponding numeral to select View Routes.

    The default route of your gateway is displayed.

Testing Your Gateway Connection to the Internet

You can use your gateway's local console to test your internet connection. This test can be useful when you are troubleshooting network issues with your gateway.

To test your gateway's connection to the internet

  1. Log in to your gateway's local console.

  2. From the Amazon Storage Gateway - Configuration main menu, enter the corresponding numeral to select Test Network Connectivity.

    If your gateway has already been activated, the connectivity test begins immediately. For gateways that have not yet been activated, you must specify the endpoint type and Amazon Web Services Region as described in the following steps.

  3. If your gateway is not yet activated, enter the corresponding numeral to select the endpoint type for your gateway.

  4. If you selected the public endpoint type, enter the corresponding numeral to select the Amazon Web Services Region that you want to test. For supported Amazon Web Services Regions and a list of Amazon service endpoints you can use with Storage Gateway, see Amazon Storage Gateway endpoints and quotas in the Amazon Web Services General Reference.

As the test progresses, each endpoint displays either [PASSED] or [FAILED], indicating the status of the connection as follows:

Message Description
[PASSED] Storage Gateway has network connectivity.
[FAILED] Storage Gateway does not have network connectivity.

Synchronizing Your Gateway VM Time

After your gateway is deployed and running, in some scenarios the gateway VM's time can drift. For example, if there is a prolonged network outage and your hypervisor host and gateway do not get time updates, then the gateway VM's time will be different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur.

For a gateway deployed on VMware ESXi, setting the hypervisor host time and synchronizing the VM time to the host is sufficient to avoid time drift. For more information, see Synchronizing VM Time with Host Time.

For a gateway deployed on Microsoft Hyper-V, you should periodically check your VM's time. For more information, see Synchronizing Your Gateway VM Time.

Running Storage Gateway Commands on the Local Console

The VM local console in Storage Gateway helps provide a secure environment for configuring and diagnosing issues with your gateway. Using the local console commands, you can perform maintenance tasks such as saving routing tables, connecting to Amazon Web Services Support, and so on.

To run a configuration or diagnostic command

  1. Log in to your gateway's local console:

  2. From the Amazon Appliance Activation - Configuration main menu, enter the corresponding numeral to select Gateway Console.

  3. From the gateway console command prompt, enter h.

    The console displays the AVAILABLE COMMANDS menu, which lists the available commands:

    Command Function
    dig Collect output from dig for DNS troubleshooting.
    exit Return to Configuration menu.
    h Display available command list.
    ifconfig View or configure network interfaces.
    Note

    We recommend configuring network or IP settings using the Storage Gateway console or the dedicated local console menu option. For instructions, see Configuring Your Gateway Network.
    ip Show / manipulate routing, devices, and tunnels.
    Note

    We recommend configuring network or IP settings using the Storage Gateway console or the dedicated local console menu option. For instructions, see Configuring Your Gateway Network.
    iptables Administration tool for IPv4 packet filtering and NAT.
    ncport Test connectivity to a specific TCP port on a network.
    nping Collect output from nping for network troubleshooting.
    open-support-channel Connect to Amazon Support.
    passwd Update authentication tokens.
    save-iptables Persist IP tables.
    save-routing-table Save newly added routing table entry.
    tcptraceroute Collect traceroute output on TCP traffic to a destination.

  4. From the gateway console command prompt, enter the corresponding command for the function you want to use, and follow the instructions.

To learn about a command, enter man + command name at the command prompt.

Viewing Your Gateway System Resource Status

When your gateway starts, it checks its virtual CPU cores, root volume size, and RAM. It then determines whether these system resources are sufficient for your gateway to function properly. You can view the results of this check on the gateway's local console.

To view the status of a system resource check

  1. Log in to your gateway's local console:

  2. From the Amazon Appliance Activation - Configuration main menu, enter the corresponding numeral to select View System Resource Check.

    Each resource displays [OK], [WARNING], or [FAIL], indicating the status of the resource as follows:

    Message Description
    [OK] The resource has passed the system resource check.
    [WARNING] The resource doesn't meet the recommended requirements, but your gateway can continue to function. Storage Gateway displays a message that describes the results of the resource check.
    [FAIL] The resource doesn't meet the minimum requirements. Your gateway might not function properly. Storage Gateway displays a message that describes the results of the resource check.

    The console also displays the number of errors and warnings next to the resource check menu option.

Configuring Network Adapters for Your Gateway

By default, Storage Gateway is configured to use the E1000 network adapter type, but you can reconfigure your gateway to use the VMXNET3 (10 GbE) network adapter. You can also configure Storage Gateway so it can be accessed by more than one IP address. You do this by configuring your gateway to use more than one network adapter.

Configuring Your Gateway to Use the VMXNET3 Network Adapter

Storage Gateway supports the E1000 network adapter type in both VMware ESXi and Microsoft Hyper-V hypervisor hosts. However, the VMXNET3 (10 GbE) network adapter type is supported in VMware ESXi hypervisor only. If your gateway is hosted on a VMware ESXi hypervisor, you can reconfigure your gateway to use the VMXNET3 (10 GbE) adapter type. For more information on these adapters, see Choosing a network adapter for your virtual machine on the Broadcom (VMware) website.

Important

To select VMXNET3, your guest operating system type must be Other Linux64.

Following are the steps you take to configure your gateway to use the VMXNET3 adapter:

  1. Remove the default E1000 adapter.

  2. Add the VMXNET3 adapter.

  3. Restart your gateway.

  4. Configure the adapter for the network.

Details on how to perform each step follow.

To remove the default E1000 adapter and configure your gateway to use the VMXNET3 adapter

  1. In VMware, open the context (right-click) menu for your gateway and choose Edit Settings.

  2. In the Virtual Machine Properties window, choose the Hardware tab.

  3. For Hardware, choose Network adapter. Notice that the current adapter is E1000 in the Adapter Type section. You will replace this adapter with the VMXNET3 adapter.

    VMware virtual machine properties hardware tab with E1000 adapter selected.

  4. Choose the E1000 network adapter, and then choose Remove. In this example, the E1000 network adapter is Network adapter 1.

    Note

    Although you can run the E1000 and VMXNET3 network adapters in your gateway at the same time, we don't recommend doing so because it can cause network problems.

  5. Choose Add to open the Add Hardware wizard.

  6. Choose Ethernet Adapter, and then choose Next.

  7. In the Network Type wizard, select VMXNET3 for Adapter Type, and then choose Next.

  8. In the Virtual Machine properties wizard, verify in the Adapter Type section that Current Adapter is set to VMXNET3, and then choose OK.

  9. In the VMware VSphere client, shut down your gateway.

  10. In the VMware VSphere client, restart your gateway.

After your gateway restarts, reconfigure the adapter you just added to make sure that network connectivity to the internet is established.

To configure the adapter for the network

  1. In the VSphere client, choose the Console tab to start the local console. Use the default login credentials to log in to the gateway's local console for this configuration task. For information about how to log in using the default credentials, see Logging in to the Local Console Using Default Credentials.

  2. At the prompt, enter the corresponding numeral to select Network Configuration.

  3. At the prompt, enter the corresponding numeral to select Reset all to DHCP, and then enter y (for yes) at the prompt to set all adapters to use Dynamic Host Configuration Protocol (DHCP). All available adapters are set to use DHCP.

    If your gateway is already activated, you must shut it down and restart it from the Storage Gateway Management Console. After the gateway restarts, you must test network connectivity to the internet. For information about how to test network connectivity, see Testing Your Gateway Connection to the Internet.

Configuring Your Gateway for Multiple NICs

If you configure your gateway to use multiple network adapters (NICs), it can be accessed by more than one IP address. You might want to do this in the following situations:

  • Maximizing throughput – You might want to maximize throughput to a gateway when network adapters are a bottleneck.

  • Application separation – You might need to separate how your applications write to a gateway's volumes. For example, you might choose to have a critical storage application exclusively use one particular adapter defined for your gateway.

  • Network constraints – Your application environment might require that you keep your iSCSI targets and the initiators that connect to them in an isolated network that is different from the network by which the gateway communicates with Amazon.

In a typical multiple-adapter use case, one adapter is configured as the route by which the gateway communicates with Amazon (that is, as the default gateway). Except for this one adapter, initiators must be in the same subnet as the adapter that contains the iSCSI targets to which they connect. Otherwise, communication with the intended targets might not be possible. If a target is configured on the same adapter that is used for communication with Amazon, then iSCSI traffic for that target and Amazon traffic will flow through the same adapter.

When you configure one adapter to connect to the Storage Gateway console and then add a second adapter, Storage Gateway automatically configures the route table to use the second adapter as the preferred route. For instructions on how to configure multiple-adapters, see the following sections.