Primer: File Gateway

Question 1

on premise architecture of File Gateway system

Answer 1

client(File share, File gateway appliance)
File share first checks cache.
Else, retrieves from S3

Retrieve from S3 by: NFS mount point, or SMB

Question 2

gateway region

Answer 2

selected on setup
sets where gateway is
however, gateway can connect to any region (connect to regions where s3 buckets are)

Question 3

once gateway exists, what happens when you mount a file share to that gateway

Answer 3

each file share is mapped a single s3 bucket
bucket contents are then reachable thru the local file share
one to one mapping between files and objects
bucket objects appear as file, files appear as objects
bucket object key is path

Question 4

what happens when creating a file in a file share (in a storage gateway file share)

Answer 4

creates an identically named object in the corresponding s3 bucket

Question 5

S3 storage classes

Answer 5

1. Standard; for frequently accessed data
2. Standard-IA; long-lived, infrequently accessed
3. One Zone-IA; long-lived, infrequently accessed + non-critical data

Question 6

file gateway virtual machine connection types to AWS cloud

Answer 6

standard internet (e.g. HTTPS)
AWS Direct Connect (DX),
AWS VPN

Question 7

AWS Direct Connect (DX)

Answer 7

a connection type between file gateway vm and AWS cloud.

https://aws.amazon.com/directconnect/

Question 8

AWS VPN

Answer 8

a connection type between file gateway vm and AWS cloud.

https://aws.amazon.com/vpn/

Question 9

steps to create file gateway

Answer 9

1. choose type
2. choose host platform and deploy
3. connect to and activate the gateway
4. configure local disks

Question 10

IAM user

Answer 10

user within an aws account with specific permissions

Question 11

IAM group

Answer 11

group of users

Question 12

IAM role

Answer 12

AWS identity with permission policies, but not uniquely associated with a person, but assumable by anyone for a limited time

Question 13

File Gateway primary resource

Answer 13

file gateway

Question 14

API operations and permissions

Answer 14

• ActivateGateway
• CreateNFSFileShare
• ListFileShares
• UpdateNFSFileShare
• etc https://docs.aws.amazon.com/storagegateway/latest/userguide/sg-api-permissions-ref.html

Question 15

IAM Policy

Answer 15

defines which actions are allowed for which resources

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand.html

Question 16

SMB fileshare accessing types

Answer 16

Microsoft Active Directory, Limited Access, Guest Access

Question 17

SMB security levels

Answer 17

encryption, signing, client negotiated

Question 18

encryption in transit types

Answer 18

SSL/TLS

Question 19

encryption where?

Answer 19

in transit (SSL/TLS), file share, s3 bucket

Question 20

CloudWatch and fileshares

Answer 20

tracks gateway metrics; eg read + write bytes

https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html

Question 21

CacheHitPercent

Answer 21

how many of read operations are coming out of cache

Question 22

CachePercentDirty

Answer 22

data written to cache, but not uploaded

Question 23

metrics to determine network problems

Answer 23

writing bytes (WriteBytes), but CachePercentDirty climbing with low CloudBytesUploaded

Question 24

CloudTrail function

Answer 24

logs API calls

Question 25

use cases

Answer 25

online content repo, hybrid backup, big data + ML, vertical industry apps, distant collab

Question 26

online content repo

Answer 26

store files on AWS

Question 27

hybrid backup

Answer 27

backups stored on cloud; transition backup jobs to cloud; scripts to write to SMB, cascade to Gateway, S3 storage options

Question 28

big data + ML

Answer 28

move data in Amazon S3, then use in other BD + ML tools

Question 29

vertical industry

Answer 29

allows distribution of large specialized files; with durable archivable options

Question 30

distant collab

Answer 30

across region; one region write to GWy, S3 replicate to other region, other region GWy read