The AWS Storage Gateway is a service connecting an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization’s on-premises IT environment and AWS’s storage infrastructure. The service allows you to securely store data in the AWS cloud for scalable and cost-effective storage. The AWS Storage Gateway supports industry-standard storage protocols that work with your existing applications. It provides low-latency performance by maintaining frequently accessed data on-premises while securely storing all of your data encrypted in Amazon Simple Storage Service (Amazon S3) or Amazon Glacier.


Please note that AWS Storage Gateway is not currently available on the AWS Free Usage Tier.


The AWS Storage Gateway supports three configurations:

Gateway-Cached Volumes: You can store your primary data in Amazon S3, and retain your frequently accessed data locally. Gateway-cached volumes provide substantial cost savings on primary storage, minimize the need to scale your storage on-premises, and retain low-latency access to your frequently accessed data.

Gateway-Stored Volumes: In the event you need low-latency access to your entire data set, you can configure your on-premises data gateway to store your primary data locally, and asynchronously back up point-in-time snapshots of this data to Amazon S3. Gateway-stored volumes provide durable and inexpensive off-site backups that you can recover locally or from Amazon EC2 if, for example, you need replacement capacity for disaster recovery.

Gateway-Virtual Tape Library (VTL): With gateway-VTL you can have a limitless collection of virtual tapes. Each virtual tape can be stored in a Virtual Tape Library backed by Amazon S3 or a Virtual Tape Shelf (VTS) backed by Amazon Glacier. The Virtual Tape Library exposes an industry standard iSCSI interface which provides your backup application with on-line access to the virtual tapes. When you no longer require immediate or frequent access to data contained on a virtual tape, you can use your backup application to move it from its Virtual Tape Library to your Virtual Tape Shelf in order to further reduce your storage costs.

The AWS Storage Gateway securely transfers your data to AWS over SSL, and securely stores your data in Amazon S3 and Amazon Glacier using one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256) encryption. A multi-factor scheme is used where each block of data is encrypted with a unique key, and the key itself is encrypted with a regularly rotated master key.
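The per-block key and rotated master key arrangement described above is commonly called envelope encryption. The following Node.js sketch is an added example, not AWS code: the page names AES-256 but not the cipher mode or key-wrapping method, so the use of AES-256-GCM for both layers, the record layout, and all function names are assumptions made for illustration.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// AES-256-GCM; stored layout is nonce (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, box) {
  const d = createDecipheriv('aes-256-gcm', key, box.subarray(0, 12));
  d.setAuthTag(box.subarray(12, 28));
  return Buffer.concat([d.update(box.subarray(28)), d.final()]); // throws if tampered
}

function masterKey(masters, version) {
  const key = masters.get(version);
  if (!key) throw new Error(`unknown master key version ${version}`);
  return key;
}

// Each block gets its own random 256-bit data key; only the wrapped key is stored.
function encryptBlock(masters, version, block) {
  const dataKey = randomBytes(32);
  const wrappedKey = seal(masterKey(masters, version), dataKey);
  return { version, wrappedKey, data: seal(dataKey, block) };
}

function decryptBlock(masters, rec) {
  const dataKey = open(masterKey(masters, rec.version), rec.wrappedKey);
  return open(dataKey, rec.data);
}

// Rotation re-wraps the 32-byte data key; the bulk ciphertext is not re-encrypted.
function rewrap(masters, rec, newVersion) {
  const dataKey = open(masterKey(masters, rec.version), rec.wrappedKey);
  return { ...rec, version: newVersion, wrappedKey: seal(masterKey(masters, newVersion), dataKey) };
}

// Constructed sample: two master key versions, two identical 4 KiB blocks.
function rotationDemo() {
  const masters = new Map([[1, randomBytes(32)], [2, randomBytes(32)]]);
  const block = Buffer.alloc(4096, 0x41);
  const recA = encryptBlock(masters, 1, block);
  const recB = encryptBlock(masters, 1, block);
  const rotated = rewrap(masters, recA, 2);
  masters.delete(1); // retire the old master key
  return { masters, block, recA, recB, rotated };
}
```

In `rotationDemo()`, `recB` was never re-wrapped, so it becomes undecryptable once master key version 1 is retired: a rotation job has to cover every stored record before the old master key is destroyed.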

The AWS Storage Gateway durably stores your on-premises application data by uploading it to Amazon S3 and Amazon Glacier. Amazon S3 and Amazon Glacier redundantly store data in multiple facilities and on multiple devices within each facility. Amazon S3 and Amazon Glacier also perform regular, systematic data integrity checks and are built to be automatically self-healing.

There is no need to re-architect your on-premises applications. Gateway-cached volumes and gateway-stored volumes expose a standard iSCSI block disk device interface, and gateway-VTL presents a standard iSCSI virtual tape library interface.

By making it easy for your on-premises applications to store data on Amazon S3 or Amazon Glacier, AWS Storage Gateway reduces the cost, maintenance, and scaling challenges associated with managing primary, backup and archive storage environments. You pay only for what you use with no long-term commitments.

Gateway-stored volumes and gateway-cached volumes are designed to seamlessly integrate with Amazon S3, Amazon EBS, and Amazon EC2 by enabling you to store point-in-time snapshots of your on-premises application data in Amazon S3 as Amazon EBS snapshots for future recovery on-premises or in Amazon EC2. This integration allows you to easily mirror data from your on-premises applications to applications running on Amazon EC2 for disaster recovery (DR) and on-demand compute capacity cases.

Gateway-VTL integrates with Amazon Glacier and allows you to cost-effectively and durably store your archive and long-term backup data.

All three gateway configurations integrate with Amazon CloudWatch to provide metrics, monitoring, and alarms; with AWS CloudTrail to provide a record of API calls for resource change tracking and compliance auditing; and implement tags to simplify management of your AWS resources for cost allocation or resource grouping.

The AWS Storage Gateway efficiently uses your internet bandwidth to speed up the upload of your on-premises application data to AWS. The AWS Storage Gateway compresses and only uploads data that has changed, minimizing the amount of data sent over the internet. You can also use AWS Direct Connect to further increase throughput and reduce your network costs by establishing a dedicated network connection between your on-premises gateway and AWS.

The AWS Storage Gateway enables your existing on-premises-to-cloud backup applications to store primary backups on Amazon S3’s scalable, reliable, secure, and cost-effective storage service. You can create gateway-cached volumes and mount them as iSCSI devices to your on-premises backup application servers. All data is securely transferred to AWS over SSL and stored encrypted in Amazon S3 using AES 256-bit encryption. Using gateway-cached volumes provides an attractive alternative to the traditional choice of maintaining and scaling costly storage hardware on-premises.

For scenarios where you want to keep your primary data or backups on-premises, you can use gateway-stored volumes to keep this data locally, and back up this data off-site to Amazon S3. Gateway-stored volumes provide an attractive alternative to dealing with the longer recovery times and operational burden of managing off-site tape storage for backups.

The AWS Storage Gateway, together with EC2, can mirror your entire production environment for disaster recovery (DR). Planning for business continuity in the event of a power outage, fire, flood, or other disaster can be challenging. It requires investments in redundant infrastructure and staff across multiple datacenters and costly storage replication solutions. AWS Storage Gateway and Amazon EC2 together provide a simple cloud-hosted DR solution. Using Amazon EC2, you can configure virtual machine images of your DR application servers and only pay for these servers when you need them. In the event your on-premises infrastructure goes down, you simply launch the Amazon EC2 compute instances you need and attach them to copies of your on-premises data. The AWS Storage Gateway addresses the challenges of replicating data for DR by enabling you to create gateway-cached volumes that store your data in Amazon S3. By storing your data using the AWS Storage Gateway, you will be prepared for DR if you lose your on-premises application or storage.


Managing on-premises storage for departmental file shares and home directories typically results in high capital and maintenance costs, under-utilized hardware, and restrictive user quotas. The AWS Storage Gateway addresses these on-premises scaling and maintenance issues by enabling you to seamlessly store your corporate file shares on Amazon S3, while keeping a copy of your frequently accessed files on-premises. This minimizes the need to scale your on-premises file storage infrastructure, while still providing low-latency access to your frequently accessed data. Using the AWS Storage Gateway, you can create gateway-cached storage volumes up to 32 TB in size and mount them as iSCSI devices from your on-premises file servers. You can then expose these volumes as Common Internet File System (CIFS) shares or Network File System (NFS) mount points to your client machines. The AWS Storage Gateway durably stores files written to these shares or mount points in Amazon S3, while maintaining a cache of recently written and recently read files locally on your on-premises storage hardware for low-latency access. Since you only pay for the storage you actually use, you can scale your storage on-demand and avoid the costs of under-utilized hardware.


If you want to leverage Amazon EC2’s on-demand compute capacity for additional capacity during peak periods, for new projects, or as a more cost-effective way to run your normal workloads, you can use the AWS Storage Gateway to mirror your volume data to Amazon EC2 instances. If you’re running development and User Acceptance Testing (UAT) environments in Amazon EC2 to take advantage of AWS’s on-demand compute capacity, you can use the AWS Storage Gateway to ensure these environments have ongoing access to the latest data from your production systems on-premises.


Using gateway-VTL, you can store data requiring long term retention and infrequent access without changing your existing backup applications and tape-based processes. Although magnetic tape-based storage can be cost-effective when operated at scale, it can be a drain on resources as one (or more) tape libraries need to be maintained (often in geographically distinct locations) requiring specialized personnel, and taking up valuable space in data centers. In addition, the tapes themselves must be carefully stored and managed, which can include periodically copying data from old tapes onto new ones to ensure that your data can still be read as tape technology standards evolve.

Tape’s low-cost potential also requires accurate capacity planning, a process that is usually error-prone, especially when storage growth is unpredictable, as it often is. Over-provisioning capacity can result in under-utilization and higher costs, while under-provisioning can trigger expensive hardware upgrades far earlier than planned. Even when capacity planning is accurate, periodic hardware upgrades are still common as older tape libraries are less efficient and therefore costlier to operate. Archiving valuable data using a tape-based solution also requires costly, multi-site, redundant data centers and offsite vaulting to guarantee durability. This approach also requires manual handling of tape media, which increases the risk of data loss.

By using gateway-VTL, you can eliminate these challenges associated with owning and operating on-premises physical tape infrastructure by storing your archive and long-term backup data on a limitless collection of virtual tapes. Your virtual tapes can be stored in a Virtual Tape Library backed by Amazon S3 or a Virtual Tape Shelf backed by Amazon Glacier. The Virtual Tape Library provides your backup application with on-line access to the virtual tapes. When you no longer require immediate or frequent access to data contained on a virtual tape, you can use your backup application to move it from its Virtual Tape Library to your Virtual Tape Shelf in order to further reduce your storage costs.

Gateway-VTL allows you to eliminate the need for large upfront capital expense and expensive multi-year support commitments. With gateway-VTL you pay only for the capacity you use and scale as your needs grow. With the gateway-VTL solution you also don’t need to worry about transporting storage media to offsite facilities and manual handling of tape media. The gateway-VTL solution reduces your costs and simplifies your data management process while improving the durability of your archive and long-term backup solution.