PROVIDE ON-PREMISES APPLICATIONS ACCESS TO VIRTUALLY UNLIMITED CLOUD STORAGE WITH AWS STORAGE GATEWAY
What is AWS Storage Gateway?
AWS Storage Gateway is a hybrid cloud storage solution that connects an on-premises environment with AWS. The service gives you the flexibility to keep on-premises infrastructure for some applications while adopting the cloud for scalable and reliable storage.
The Storage Gateway appliance exposes standard storage protocols such as NFS and iSCSI, which applications connect to in order to store data. AWS Storage Gateway's software appliance is available as a virtual machine (VM) or as a physical hardware appliance.
Storage Gateway is broadly classified into three types: File Gateway, Volume Gateway and Tape Gateway.
The File Gateway enables you to store and retrieve objects in Amazon S3 using file protocols, such as NFS. Objects written through File Gateway can be directly accessed in S3. All objects are automatically encrypted using SSE-S3. A local cache is provisioned on on-premises storage to hold the most recently accessed files and optimize latency.
Volume Gateway presents block storage volumes to applications via the iSCSI protocol. Data written to these volumes can be asynchronously backed up as point-in-time snapshots and stored in the cloud as Amazon EBS snapshots. Volume Gateway operates in either stored mode or cached mode.
In stored mode, primary data is stored locally and asynchronously backed up to AWS. Stored volumes give on-premises applications low-latency access to their data and also provide offsite backup. In a disaster, the EBS snapshots can be used to create new EBS volumes, which can then be attached to an EC2 instance.
In cached mode, all data is stored in S3 and frequently accessed data is retained locally in the cache for low-latency access. Cached volumes minimize the need to scale your on-premises storage infrastructure, while still providing your applications with low-latency access to their frequently accessed data.
The Tape Gateway provides backup applications with an iSCSI virtual tape library (VTL) interface, consisting of a virtual media changer, virtual tape drives, and virtual tapes. Virtual tape data is stored in Amazon S3 or can be archived to Amazon S3 Glacier. It also encrypts data between the gateway and AWS to enable secure data transfer, compresses data, and transitions virtual tapes to bring down storage costs.
Security and Compliance
Encryption in Transit and at Rest
Data transferred between the gateway appliance and AWS storage is encrypted using SSL. Data at rest is encrypted using Amazon S3-Managed Encryption Keys (SSE-S3). Apart from this, AWS KMS can also be used to encrypt the stored data.
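The following is an added example, not part of the original post: it audits which at-rest encryption mode (SSE-S3 or AWS KMS) each NFS file share uses, working on a constructed sample shaped like the `NFSFileShareInfoList` returned by boto3's `describe_nfs_file_shares`. The share IDs, ARNs and the `require_kms` policy switch are assumptions made for illustration.

```python
# Constructed sample records; in a live account the list would come from
# boto3.client("storagegateway").describe_nfs_file_shares(
#     FileShareARNList=[...])["NFSFileShareInfoList"]
SAMPLE_SHARES = [
    {"FileShareId": "share-EXAMPLE1", "LocationARN": "arn:aws:s3:::example-bucket-a",
     "KMSEncrypted": False},
    {"FileShareId": "share-EXAMPLE2", "LocationARN": "arn:aws:s3:::example-bucket-b",
     "KMSEncrypted": True,
     "KMSKey": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"FileShareId": "share-EXAMPLE3", "LocationARN": "arn:aws:s3:::example-bucket-c",
     "KMSEncrypted": True},  # flag set but no key recorded
]


def encryption_mode(share):
    """Classify one share record as 'SSE-KMS', 'SSE-S3' or 'INCONSISTENT'."""
    kms_flag = bool(share.get("KMSEncrypted", False))
    has_key = bool(share.get("KMSKey"))
    if kms_flag != has_key:
        # KMS flag without a key, or a key without the flag: needs review.
        return "INCONSISTENT"
    return "SSE-KMS" if kms_flag else "SSE-S3"


def audit_shares(shares, require_kms=False):
    """Return one finding per share; require_kms is a hypothetical local policy
    under which the SSE-S3 default is not accepted."""
    findings = []
    for share in shares:
        mode = encryption_mode(share)
        compliant = mode == "SSE-KMS" or (mode == "SSE-S3" and not require_kms)
        findings.append({
            "share": share.get("FileShareId", "<unknown>"),
            "bucket": share.get("LocationARN", "<unknown>"),
            "mode": mode,
            "kms_key": share.get("KMSKey"),
            "compliant": compliant,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_shares(SAMPLE_SHARES, require_kms=True):
        status = "OK  " if finding["compliant"] else "FAIL"
        print(status, finding["share"], finding["mode"], finding["bucket"])
```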
AWS Storage Gateway is certified with SOC, PCI, ISO, FedRAMP, HIPAA, etc. It can be used for storing PHI data.
As with all other AWS resources, pricing is pay for what you use. The price depends on the type of storage (S3, EBS, etc.) and the region. For Storage Gateway, the price is based on gateway usage (per gateway per month). Refer to the AWS pricing calculator for more details.
This blog covers AWS Storage Gateway, its components, and its features at a high level. It is easy to deploy and offers a great amount of flexibility. More articles on Storage Gateway are expected to come soon.
Cyril Johnson, StarOne IT Solutions