Primer: File Gateway Flashcards
on-premises architecture of the File Gateway system
client -> file share (NFS or SMB) -> File Gateway appliance (VM or hardware) -> Amazon S3
The gateway serves reads from its local cache first.
On a cache miss it retrieves the object from S3 (over HTTPS).
Clients reach the data through an NFS mount point or an SMB share; the gateway, not the client, talks to S3.
gateway region
selected at activation
the region the gateway resource is registered in (and where its API calls and CloudWatch metrics live)
however, file shares on that gateway can be mapped to S3 buckets in any region (the gateway connects to the bucket's region)
once the gateway exists, what happens when you create a file share on it
each file share is mapped to a single S3 bucket (optionally a prefix within that bucket)
the bucket contents are then reachable through the local file share
one-to-one mapping between files and objects
bucket objects appear as files; files appear as objects
the object key is the file's path relative to the share root
what happens when creating a file in a file share (a Storage Gateway file share)
the gateway writes it to the local cache, then uploads an identically named object to the mapped S3 bucket
S3 storage classes (selectable as the file share's default storage class)
- Standard: frequently accessed data
- Standard-IA: long-lived, infrequently accessed data
- One Zone-IA: long-lived, infrequently accessed, non-critical data (stored in a single Availability Zone)
connection types between the File Gateway VM and the AWS cloud
public internet (HTTPS to the Storage Gateway and S3 endpoints)
AWS Direct Connect (DX)
AWS VPN
AWS Direct Connect (DX)
a dedicated private network link between the on-premises File Gateway VM and AWS; traffic to AWS stays off the public internet.
https://aws.amazon.com/directconnect/
AWS VPN
an IPsec VPN tunnel between the File Gateway VM's network and AWS, carried over the public internet.
https://aws.amazon.com/vpn/
steps to create a File Gateway
- choose the gateway type
- choose the host platform and deploy the appliance
- connect to and activate the gateway
- configure local disks (cache storage)
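The activation and disk steps above, followed by mapping a bucket to an NFS share, driven through the Storage Gateway API. This is an added example written for this primer, not code from AWS or from the page; the activation key, bucket, role and CIDR values are placeholders, and FakeStorageGatewayClient is a constructed offline stand-in for boto3's `storagegateway` client (with boto3 you would pass `boto3.client("storagegateway", region_name=region)` instead). It bakes in the choices a security engineer would insist on: RootSquash, an explicit client allow-list (0.0.0.0/0 is rejected), SSE-KMS on the share, and MandatoryEncryption for SMB.

```python
import uuid


class FakeStorageGatewayClient:
    """Constructed offline stand-in for boto3's storagegateway client.
    Records each call and answers with the same shapes the real API returns."""

    def __init__(self, disks):
        self.calls = []
        self._disks = disks

    def _record(self, name, kw):
        self.calls.append((name, kw))

    def activate_gateway(self, **kw):
        self._record("activate_gateway", kw)
        return {"GatewayARN": "arn:aws:storagegateway:%s:123456789012:gateway/sgw-EXAMPLE"
                % kw["GatewayRegion"]}

    def list_local_disks(self, **kw):
        self._record("list_local_disks", kw)
        return {"GatewayARN": kw["GatewayARN"], "Disks": self._disks}

    def add_cache(self, **kw):
        self._record("add_cache", kw)
        return {"GatewayARN": kw["GatewayARN"]}

    def update_smb_security_strategy(self, **kw):
        self._record("update_smb_security_strategy", kw)
        return {"GatewayARN": kw["GatewayARN"]}

    def create_nfs_file_share(self, **kw):
        self._record("create_nfs_file_share", kw)
        return {"FileShareARN": kw["GatewayARN"].replace("gateway/sgw-EXAMPLE",
                                                         "share/share-EXAMPLE")}


def provision_file_gateway(client, activation_key, gateway_name, region,
                           bucket_arn, share_role_arn, client_cidrs,
                           kms_key_arn=None):
    """Activate an S3 File Gateway, attach every free local disk as cache,
    harden SMB, and expose one bucket as an NFS share restricted to
    client_cidrs. Returns a summary dict of the created ARNs."""
    if not client_cidrs or any(c.endswith("/0") for c in client_cidrs):
        raise ValueError("NFS ClientList must name specific networks, not 0.0.0.0/0")

    # Step 3: activation. The key comes from the appliance's local console;
    # GatewayType FILE_S3 selects an S3 File Gateway.
    gateway_arn = client.activate_gateway(
        ActivationKey=activation_key,
        GatewayName=gateway_name,
        GatewayTimezone="GMT",
        GatewayRegion=region,
        GatewayType="FILE_S3",
    )["GatewayARN"]

    # Step 4: local disks. Only disks still AVAILABLE may become cache storage.
    disks = client.list_local_disks(GatewayARN=gateway_arn)["Disks"]
    free = [d["DiskId"] for d in disks if d["DiskAllocationType"] == "AVAILABLE"]
    if not free:
        raise RuntimeError("no AVAILABLE local disk to use as cache")
    client.add_cache(GatewayARN=gateway_arn, DiskIds=free)

    # Gateway-wide SMB strategy: require SMBv3 encryption instead of letting
    # clients negotiate signing/encryption down (ClientSpecified).
    client.update_smb_security_strategy(
        GatewayARN=gateway_arn, SMBSecurityStrategy="MandatoryEncryption")

    # Map the bucket to an NFS share. RootSquash keeps remote root from acting
    # as root on the share; ClientList limits who may mount it; KMSEncrypted
    # switches the objects from SSE-S3 to SSE-KMS with the given key.
    share = dict(
        ClientToken=str(uuid.uuid4()),   # idempotency token for retries
        GatewayARN=gateway_arn,
        Role=share_role_arn,             # IAM role the gateway assumes for S3
        LocationARN=bucket_arn,          # arn:aws:s3:::bucket or bucket/prefix
        ClientList=list(client_cidrs),
        Squash="RootSquash",
        DefaultStorageClass="S3_STANDARD_IA",
        KMSEncrypted=kms_key_arn is not None,
    )
    if kms_key_arn:
        share["KMSKey"] = kms_key_arn
    share_arn = client.create_nfs_file_share(**share)["FileShareARN"]
    return {"gateway_arn": gateway_arn, "cache_disks": free, "share_arn": share_arn}
```

Against a real account the same call sequence runs unchanged with a boto3 client; the IAM principal running it needs storagegateway:ActivateGateway, ListLocalDisks, AddCache, UpdateSMBSecurityStrategy and CreateNFSFileShare, plus iam:PassRole on the share role.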
IAM user
an identity within an AWS account, with its own long-lived credentials and specific permissions
IAM group
a collection of IAM users that share a set of permissions
IAM role
an AWS identity with permission policies but no long-lived credentials and no single person behind it; a trusted entity (a user, an application, or an AWS service such as the gateway) assumes it and receives temporary credentials
File Gateway primary resource
the gateway itself (identified by its gateway ARN); file shares are resources that belong to a gateway
API operations and permissions (each operation maps to a storagegateway: IAM action of the same name)
- ActivateGateway
- CreateNFSFileShare
- ListFileShares
- UpdateNFSFileShare
- etc.: https://docs.aws.amazon.com/storagegateway/latest/userguide/sg-api-permissions-ref.html
IAM policy
a JSON document that defines which actions are allowed (or denied) on which resources, and under which conditions
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand.html
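The IAM role and policy cards above, made concrete for the one role every file share needs: the role the gateway assumes to reach its bucket. This is an added example written for this primer, not AWS's own code; the account ID, gateway ARN, bucket and prefix are placeholders. It builds the role's trust policy (only the Storage Gateway service may assume it, and only for this account and gateway, which blocks the cross-service confused-deputy case), the bucket-scoped permission policy, and a small linter that flags the "Resource: *" / "service:*" grants least privilege rules out.

```python
# S3 permissions the gateway needs on the bucket and on its objects; scoping
# them to one bucket (and optionally one prefix) is the whole point.
S3_BUCKET_ACTIONS = [
    "s3:GetAccelerateConfiguration", "s3:GetBucketLocation",
    "s3:GetBucketVersioning", "s3:ListBucket", "s3:ListBucketVersions",
    "s3:ListBucketMultipartUploads",
]
S3_OBJECT_ACTIONS = [
    "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:DeleteObjectVersion",
    "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion",
    "s3:ListMultipartUploadParts", "s3:PutObject", "s3:PutObjectAcl",
]


def file_share_trust_policy(account_id, gateway_arn):
    """Trust policy for the file share role: only storagegateway.amazonaws.com
    may assume it, and only when acting for this account and this gateway.
    The SourceAccount/SourceArn conditions are the confused-deputy guard."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "storagegateway.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn": gateway_arn},
            },
        }],
    }


def file_share_bucket_policy(bucket, prefix=""):
    """Permission policy scoped to one bucket, or to one prefix inside it
    (matching a LocationARN of arn:aws:s3:::bucket/prefix)."""
    bucket_arn = "arn:aws:s3:::" + bucket
    clean = prefix.strip("/")
    key_pattern = (clean + "/*") if clean else "*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "BucketLevel", "Effect": "Allow",
             "Action": S3_BUCKET_ACTIONS, "Resource": bucket_arn},
            {"Sid": "ObjectLevel", "Effect": "Allow",
             "Action": S3_OBJECT_ACTIONS, "Resource": bucket_arn + "/" + key_pattern},
        ],
    }


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def overly_broad_statements(policy):
    """Return the Allow statements that grant every resource ("*") or every
    action of a service ("s3:*", "storagegateway:*", "*"). An empty list
    means the policy passes this least-privilege check."""
    flagged = []
    for statement in policy.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        actions = _as_list(statement.get("Action"))
        resources = _as_list(statement.get("Resource"))
        if "*" in resources or any(a == "*" or a.endswith(":*") for a in actions):
            flagged.append(statement)
    return flagged
```

Feed the two dicts to `json.dumps(..., indent=2)` and hand them to `aws iam create-role --assume-role-policy-document` and `aws iam put-role-policy --policy-document`; the role's ARN is then the Role value on CreateNFSFileShare. Run overly_broad_statements over any operator policy you write for the API operations listed above as well.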
SMB file share access types
Microsoft Active Directory, Limited Access, Guest Access
SMB security levels (the gateway-wide SMB security strategy)
MandatoryEncryption (SMBv3 encryption required; strongest), MandatorySigning (signing required, encryption optional), ClientSpecified (the client negotiates; weakest). Prefer MandatoryEncryption unless a client cannot speak SMBv3.
encryption in transit
SSL/TLS between the gateway and AWS (client-to-gateway traffic depends on the NFS/SMB settings, e.g. the SMB security strategy)
encryption where?
in transit (SSL/TLS between gateway and AWS); at rest in the S3 bucket, with SSE-S3 by default or SSE-KMS with the key chosen on the file share
CloudWatch and file shares
CloudWatch tracks gateway metrics, e.g. ReadBytes and WriteBytes
https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html
CacheHitPercent
the percentage of read operations served from the local cache rather than from S3
CachePercentDirty
the percentage of the cache holding data written locally but not yet uploaded to S3
metrics that indicate a network problem
WriteBytes keeps flowing while CachePercentDirty climbs and CloudBytesUploaded stays low: writes land in the cache but never reach S3, so the upload path (the network to AWS) is the bottleneck
CloudTrail function
records Storage Gateway API calls (who, what, when, from where) for auditing
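The "writes accepted but not uploaded" pattern from the last card, turned into a check that can run over CloudWatch data. This is an added example for this primer, not code from AWS or the page. metric_queries builds the GetMetricData request for the three metrics (AWS/StorageGateway namespace, GatewayId dimension), samples_from_results zips the response back into per-period rows, and upload_stall_detected applies the rule; the two result sets at the bottom are constructed, not real gateway data, and the thresholds are assumptions to tune per gateway.

```python
NAMESPACE = "AWS/StorageGateway"
METRIC_STATS = {"WriteBytes": "Sum", "CloudBytesUploaded": "Sum",
                "CachePercentDirty": "Average"}


def metric_queries(gateway_id, period=300):
    """MetricDataQueries for CloudWatch GetMetricData, one per metric. The Id
    is the lower-cased metric name so results can be matched up again."""
    return [{
        "Id": name.lower(),
        "MetricStat": {
            "Metric": {"Namespace": NAMESPACE, "MetricName": name,
                       "Dimensions": [{"Name": "GatewayId", "Value": gateway_id}]},
            "Period": period,
            "Stat": stat,
        },
        "ReturnData": True,
    } for name, stat in METRIC_STATS.items()]


def samples_from_results(results):
    """Turn GetMetricData MetricDataResults (request them with
    ScanBy=TimestampAscending so index 0 is the oldest period) into a list of
    per-period dicts keyed by metric name. Truncates to the shortest series."""
    by_id = {r["Id"]: r["Values"] for r in results}
    ids = [name.lower() for name in METRIC_STATS]
    n = min(len(by_id.get(i, [])) for i in ids)
    return [{name: by_id[name.lower()][k] for name in METRIC_STATS} for k in range(n)]


def upload_stall_detected(samples, min_dirty_rise=10.0, max_upload_ratio=0.1):
    """True when, across the window, writes are landing (WriteBytes > 0),
    CachePercentDirty rises by at least min_dirty_rise points, and fewer than
    max_upload_ratio of the written bytes were uploaded. An idle gateway
    (nothing written) never triggers, so a quiet weekend is not an alarm."""
    if len(samples) < 2:
        return False
    written = sum(s["WriteBytes"] for s in samples)
    if written <= 0:
        return False
    uploaded = sum(s["CloudBytesUploaded"] for s in samples)
    dirty_rise = samples[-1]["CachePercentDirty"] - samples[0]["CachePercentDirty"]
    return dirty_rise >= min_dirty_rise and uploaded < max_upload_ratio * written


# Constructed responses (4 x 5-minute periods), not real gateway data.
HEALTHY_RESULTS = [
    {"Id": "writebytes", "Values": [5.0e8, 5.0e8, 5.0e8, 5.0e8]},
    {"Id": "cloudbytesuploaded", "Values": [4.8e8, 5.1e8, 4.9e8, 5.0e8]},
    {"Id": "cachepercentdirty", "Values": [3.0, 4.0, 3.0, 3.5]},
]
STALLED_RESULTS = [
    {"Id": "writebytes", "Values": [5.0e8, 5.0e8, 5.0e8, 5.0e8]},
    {"Id": "cloudbytesuploaded", "Values": [2.0e6, 0.0, 0.0, 0.0]},
    {"Id": "cachepercentdirty", "Values": [5.0, 20.0, 40.0, 61.0]},
]
```

With boto3 the live call is `cloudwatch.get_metric_data(MetricDataQueries=metric_queries("sgw-..."), StartTime=..., EndTime=..., ScanBy="TimestampAscending")["MetricDataResults"]`; a True from upload_stall_detected is the cue to look at the gateway's route to the Storage Gateway and S3 endpoints (DX, VPN or internet) before blaming the share.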
use cases
online content repository, hybrid backup, big data + ML, vertical industry apps, distant collaboration
online content repository
store files on AWS and keep accessing them locally through the share
hybrid backup
backups land in the cloud; transition backup jobs to the cloud: backup scripts write to the SMB share, the gateway uploads to S3, and S3 storage classes and lifecycle rules take over from there
big data + ML
move data into Amazon S3 through the share, then process it with other big data and ML tools
vertical industry apps
distribute large, specialized files with durable, archivable storage behind them
distant collaboration
across regions: one region writes to its gateway, S3 cross-region replication copies the objects to a bucket in another region, and a gateway in that region reads them