Get the Most, from the Best!!
Topics
Amazon Elastic Block Store
(Amazon EBS)
Instance Store
Amazon Elastic File System
(Amazon EFS)
Amazon Simple Storage
Service (Amazon S3)
Amazon S3 Glacier
AWS Snowball
AWS offers a complete range of cloud storage services to support both application
and archival compliance requirements. Select from object, file, and block storage
services as well as cloud data migration options to start designing the foundation of
your cloud IT environment.
These are some of the storage services that we will be discussing in this module.
These are the data transfer and migration services we will discuss in this module.
◦ Network-attached
◦ Persistent block storage
◦ Boot and data volumes supported
Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for
use with Amazon EC2 instances. Amazon EBS volumes are highly available and are
reliable storage volumes that can be attached to any running instance that is in the
same Availability Zone. Amazon EBS volumes that are attached to an Amazon EC2
instance are exposed as storage volumes that persist independently from the life of
the instance. With Amazon EBS, you pay only for what you use.
New Amazon EBS volumes receive their maximum performance the moment that
they are available and do not require initialization. However, storage blocks on
volumes that were restored from snapshots must be initialized (pulled down from
Amazon S3 and written to the volume) before you can access the block. This
preliminary action takes time and can cause a significant increase in the latency of an
I/O operation the first time each block is accessed. Therefore, we recommend that
customers essentially ‘warm’ the volume in order to eliminate this penalty from
affecting production workloads, though this is not required and any increase in
latency may be minimal. If you’re restoring to an Amazon EBS volume from a
snapshot, the recommendation is to read all blocks from your volume.
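On Linux, one common way to read every block on a restored volume is with dd; this is a sketch, and the device name /dev/xvdf is a placeholder that will vary by instance (check with lsblk):

```shell
# Read every block once so the first-touch latency of pulling blocks
# down from Amazon S3 is paid up front, before the volume serves
# production traffic. /dev/xvdf is a placeholder device name.
sudo dd if=/dev/xvdf of=/dev/null bs=1M
```

The read is discarded to /dev/null; the point is only to force each block to be fetched and written to the volume once.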
For more information on the different mount points available in each operating
system, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-
volumes.html
Amazon EC2 C5/C5d and M5/M5d instances are built on the Nitro system, a
collection of AWS-built hardware and software components that enable high
performance, high availability, high security, and bare metal capabilities to eliminate
virtualization overhead. With the latest set of enhancements to the Nitro system, we
have increased the maximum EBS-optimized instance bandwidth to 14 Gbps, up from
9 Gbps and 10 Gbps for C5/C5d and M5/M5d respectively. We have also increased the
maximum EBS-optimized instance IOPS for Nitro systems to 80,000 IOPS, up from
64,000 IOPS and 65,000 IOPS for C5/C5d and M5/M5d respectively. In addition, we
have increased the EBS-optimized instance burst performance on the large, xlarge,
and 2xlarge C5/C5d and M5/M5d instances to 3.5 Gbps, up from 2.25 Gbps and 2.12
Gbps respectively. This performance increase enables you to speed up sections of
your workflows dependent on EBS-optimized instance performance. For storage
intensive workloads, you will have an opportunity to use smaller instance sizes and
still meet your EBS-optimized instance performance requirement, thereby saving
costs. With this performance increase, you will be able to handle unplanned spikes in
EBS-optimized instance demand without any impact to your application performance.
All new C5/C5d and M5/M5d instances starting today will be able to take advantage
of this performance increase at no additional cost. This performance increase is
available in all AWS regions where C5/C5d and M5/M5d are available. For details on
the performance increase for each instance size, see
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html.
Snapshot 1 = ABC (blocks A, B, C)
Snapshot 2 = ABCDEF (adds new blocks D, E, F)
Snapshot 3 = GHCDEF (blocks A and B replaced by G and H)
It is crucial to take snapshots of any data you may have in development, test, or
production on a regular basis. Amazon EBS provides the ability to take snapshots of
your volumes so that they can be restored in case the underlying hardware supporting
your volume fails or your volume is accidentally deleted.
If you add data to your Amazon EBS volume after copying your first snapshot and then
create a second snapshot, the new blocks will be copied to Amazon S3, and the second
snapshot will consist of a recipe to restore the volume consisting of the blocks from the
first snapshot and all new blocks. Snapshots are based on deltas. Only the changes from
previous snapshots need to be copied to Amazon S3.
If you update blocks on your Amazon EBS volume and then create a third snapshot,
only the blocks that have changed will be copied to Amazon S3, and the new recipe to
restore will consist of the updated blocks and any remaining blocks still present on your
Amazon EBS volume.
Test Your Knowledge
Question 1: If you delete snapshot 1, what will happen to blocks A, B, and C in the
Amazon S3 bucket?
Answer: Nothing, because snapshot 2's recipe to restore contains blocks A, B, and C.
Those blocks will remain even though snapshot 1 has been deleted.
Question 2: If you delete snapshot 2, what will happen to blocks A, B, and C in the
Amazon S3 bucket?
Answer: Because blocks A and B are no longer required to restore any remaining
snapshots, they will be deleted from Amazon S3. Because block C is still needed for
snapshot 3, it will be retained.
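The reference counting behind these answers can be sketched in a few lines of shell. The block letters mirror the diagram; this is only an illustration of the bookkeeping, not how Amazon EBS is actually implemented:

```shell
# Blocks referenced by each snapshot "recipe" from the example.
snap1="A B C"
snap2="A B C D E F"
snap3="G H C D E F"

# After snapshots 1 and 2 are both deleted, only snapshot 3's recipe
# remains, so a block survives only if snapshot 3 still references it.
remaining="$snap3"
for block in $snap2; do
  case " $remaining " in
    *" $block "*) echo "$block retained" ;;
    *)            echo "$block deleted"  ;;
  esac
done
# prints: A deleted, B deleted, then C D E F retained
```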
Create a snapshot:
Question to Consider:
What command might you use to find the volume IDs associated with a given
Amazon EC2 instance?
Answer:
aws ec2 describe-instances will give you this information.
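Concretely, both steps might look like the following; the instance ID, volume ID, and description are placeholders:

```shell
# List the EBS volume IDs attached to an instance
# (i-0123456789abcdef0 is a placeholder for your own instance ID).
aws ec2 describe-instances \
  --instance-ids i-0123456789abcdef0 \
  --query "Reservations[].Instances[].BlockDeviceMappings[].Ebs.VolumeId"

# Then create a snapshot of one of the returned volumes.
aws ec2 create-snapshot \
  --volume-id vol-0123456789abcdef0 \
  --description "Backup before maintenance"
```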
First, take a snapshot of the volume without quiescing it. This step will take somewhat
longer than the next one, and it probably will not capture all of the data, because the
volume wasn't quiesced.
After that snapshot has been created, quiesce the file system, take another snapshot,
and then continue with normal Amazon EBS usage.
While snapshots are stored in Amazon S3, they are not directly accessible using the
Amazon S3 utilities. Instead, you must use the Amazon EBS tools to restore and
manage snapshots.
You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the
creation, retention, and deletion of snapshots taken to back up your Amazon EBS
volumes. Automating snapshot management helps you to:
• Protect valuable data by enforcing a regular backup schedule.
• Retain backups as required by auditors or internal compliance.
• Reduce storage costs by deleting outdated backups.
Combined with the monitoring features of Amazon CloudWatch Events and AWS
CloudTrail, Amazon DLM provides a complete backup solution for EBS volumes at no
additional cost.
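As a sketch of what automating this looks like, the following creates a daily snapshot policy for volumes carrying a particular tag. The role ARN, tag key/value, schedule, and retention count are all assumptions for illustration:

```shell
# Snapshot every volume tagged Backup=true once a day at 03:00 UTC,
# retaining the 7 most recent snapshots. The execution role ARN is a
# placeholder for a role with the required DLM permissions.
aws dlm create-lifecycle-policy \
  --description "Daily EBS snapshots" \
  --state ENABLED \
  --execution-role-arn arn:aws:iam::123456789012:role/AWSDataLifecycleManagerDefaultRole \
  --policy-details '{
    "ResourceTypes": ["VOLUME"],
    "TargetTags": [{"Key": "Backup", "Value": "true"}],
    "Schedules": [{
      "Name": "DailySnapshots",
      "CopyTags": true,
      "CreateRule": {"Interval": 24, "IntervalUnit": "HOURS", "Times": ["03:00"]},
      "RetainRule": {"Count": 7}
    }]
  }'
```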
Definition
◦ Block-level storage on a shared-disk subsystem
◦ Fast
◦ Reclaimed when instance stopped or terminated
Use case
◦ Buffers
◦ Cache
◦ Scratch data
An instance store provides temporary block-level storage for your instance. This storage
is located on disks that are physically attached to the host computer. Instance store is
ideal for temporary storage of information that changes frequently, such as buffers,
caches, scratch data, and other temporary content, or for data that is replicated across
a fleet of instances, such as a load-balanced pool of web servers.
An instance store consists of one or more instance store volumes exposed as block
devices. The size of an instance store as well as the number of devices available varies
by instance type. While an instance store is dedicated to a particular instance, the disk
subsystem is shared among instances on a host computer.
Some instance types use NVMe (Non-Volatile Memory express) or SATA-based solid
state drives (SSD) to deliver high random I/O performance. This is a good option
when you need storage with very low latency, but you don't need the data to persist
when the instance terminates or you can take advantage of fault-tolerant
architectures. For more information, see SSD Instance Store Volumes.
Amazon EFS is a fully managed service that makes it easy to set up and scale file
storage in the AWS cloud. With a few clicks in the AWS Management Console, you
can create file systems that are accessible to Amazon EC2 instances via a file system
interface (using standard operating system file I/O APIs) and that support full file
system access semantics (such as strong consistency and file locking).
Amazon EFS file systems can automatically scale from gigabytes to petabytes of data
without needing to provision storage. Tens, hundreds, or even thousands of Amazon
EC2 instances can access an Amazon EFS file system at the same time, and Amazon
EFS provides consistent performance to each Amazon EC2 instance. Amazon EFS is
designed to be highly durable and highly available. With Amazon EFS, there is no
minimum fee or setup costs, and you pay only for the storage you use.
When mounted on Amazon EC2 instances, an Amazon EFS file system provides a
standard file system interface and file system access semantics, allowing you to
seamlessly integrate Amazon EFS with your existing applications and tools. Multiple
Amazon EC2 instances can access an Amazon EFS file system at the same time,
allowing Amazon EFS to provide a common data source for workloads and
applications running on more than one Amazon EC2 instance. You can mount your
Amazon EFS file systems on your on-premises datacenter servers when connected to
your Amazon VPC with AWS Direct Connect. You can then migrate data sets to
Amazon EFS, enable cloud bursting scenarios, or backup your on-premises data to
Amazon EFS.
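Mounting an EFS file system from a Linux EC2 instance is a standard NFSv4.1 mount; the file system ID and region in the DNS name below are placeholders:

```shell
# Mount an EFS file system over NFSv4.1 with the commonly recommended
# options. fs-12345678 and us-east-1 are placeholders; substitute your
# file system's DNS name.
sudo mkdir -p /mnt/efs
sudo mount -t nfs4 \
  -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 \
  fs-12345678.efs.us-east-1.amazonaws.com:/ /mnt/efs
```

Once mounted, the file system behaves like any other POSIX directory tree shared by all instances that mount it.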
[Diagram: NFS clients on Amazon EC2 instances in three subnets access an Amazon EFS
file system, each through a mount target (a network interface) in its Availability Zone]
You can access your Amazon EFS file system concurrently from Amazon EC2 instances
in your Amazon VPC, so that applications that scale beyond a single connection can
access a file system. Amazon EC2 instances running in multiple Availability Zones
within the same region can access the file system, so that many users can access and
share a common data source.
In this illustration, the VPC has three Availability Zones, and each has one mount
target created in it. We recommend that you access the file system from a mount
target within the same Availability Zone. Note that one of the Availability Zones has
two subnets. However, a mount target is created in only one of the subnets.
It is easy to use and offers a simple interface to create and configure file systems that
are highly durable and highly available and that can be accessed from multiple
compute instances with the industry standard Server Message Block (SMB) protocol.
Amazon FSx for Windows File Server provides fully managed Windows file servers,
backed by a fully–native Windows file system with the features, performance, and
compatibility to easily lift and shift enterprise applications to AWS.
Amazon FSx supports a broad set of enterprise Windows workloads with fully
managed file storage built on Microsoft Windows Server. Amazon FSx has native
support for Windows file system features and for the industry-standard Server
Message Block (SMB) protocol to access file storage over a network. Amazon FSx is
optimized for enterprise applications in the AWS Cloud, with native Windows
compatibility, enterprise performance and features, and consistent sub-millisecond
latencies.
With file storage on Amazon FSx, the code, applications, and tools that Windows
developers and administrators use today can continue to work unchanged. Windows
applications and workloads ideal for FSx include business applications, home
directories, web serving, content management, data analytics, software build setups,
and media processing workloads.
As a fully managed service, FSx for Windows File Server eliminates the administrative
overhead of setting up and provisioning file servers and storage volumes.
Additionally, Amazon FSx keeps Windows software up to date, detects and addresses
hardware failures, and performs backups. It also provides rich integration with other
AWS services like AWS Directory Service for Microsoft Active Directory, Amazon
WorkSpaces, AWS Key Management Service, and AWS CloudTrail.
[Diagram: numbered migration topology spanning the corporate data center and the AWS
Cloud: AWS Directory Service for Microsoft Active Directory, an Active Directory trust,
an Amazon EC2 Windows instance, the \\Source\Share file share on an on-premises file
server, the \\Target\Share share on Amazon FSx, and a ROBOCOPY transfer over AWS
Direct Connect or a VPN connection]
Built on Microsoft Windows Server, Amazon FSx for Windows File Server allows you
to migrate your existing file datasets fully into your Amazon FSx file systems. You can
migrate not just the data for each file, but also all the relevant file metadata including
attributes, time stamps, access control lists (ACLs), owner information, and auditing
information. With this total migration support, Amazon FSx enables moving your
Windows-based workloads and applications relying on these file datasets to the AWS
Cloud.
1. Deploy an AWS Directory Service for Microsoft Active Directory (AWS Managed
Microsoft AD) directory in your Amazon VPC.
2. Establish a one-way forest-level trust relationship between the AWS Managed
Microsoft AD directory and your on-premises Microsoft AD directory, where the
AWS Managed Microsoft AD directory forest trusts your on-premises Microsoft
AD forest.
3. Create an Amazon FSx file system in the same Amazon VPC, joined to your AWS
Managed Microsoft AD directory.
4. Note the location (for example, \\Source\Share) of the file share (either on-
premises or in AWS) that contains the existing files you want to transfer over to
Amazon FSx.
5. Note the location (for example, \\Target\Share) of the file share on your Amazon
FSx file system to which you want to transfer over your existing files.
6. Create an Amazon EC2 instance with a Windows Server AMI.
7. From the Command Prompt or Windows PowerShell as Administrator (using
the Run as Administrator option from the context menu), execute the RoboCopy
command to copy the files from the source share to the target share.
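Step 7 might look like the following, along the lines suggested in the Amazon FSx migration documentation; the share paths are the placeholders from steps 4 and 5:

```shell
# /copy:DATSOU copies Data, Attributes, Time stamps, Security (ACLs),
# Owner, and aUditing information; /secfix fixes security on existing
# files; /e includes subdirectories (even empty ones); /b uses backup
# mode; /MT:8 copies with 8 threads.
robocopy \\Source\Share \\Target\Share /copy:DATSOU /secfix /e /b /MT:8
```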
[Diagram: a client CLI sends a GET request to an Amazon S3 bucket via the S3 API, and
the object is returned]
The term “bucket” is a hint to the different approach that Amazon S3 takes with file
storage. Instead of a “folder,” you create a “bucket,” which is a large space that can
hold any number of objects.
Amazon S3 provides Block Public Access settings for buckets and accounts to help you
manage public access to Amazon S3 resources. By default, new buckets and objects
don't allow public access, but users can modify bucket policies or object permissions
to allow public access. Amazon S3 Block Public Access provides settings that override
these policies and permissions so that you can limit public access to these resources.
With Amazon S3 Block Public Access, account administrators and bucket owners can
easily set up centralized controls to limit public access to their Amazon S3 resources
that are enforced regardless of how the resources are created. The goal is to ensure
that public access is granted only when it is deliberately intended, such as for public
web hosting. This feature is designed to be
easy to use, and can be accessed from the Amazon S3 Console, the CLI, the S3 APIs,
and from within CloudFormation templates.
Block new public bucket policies – This option disallows the use of new public bucket
policies, and is used to ensure that future PUT requests that include them will fail.
Again, this does not affect existing buckets or objects. This setting ensures that a
bucket policy cannot be updated to grant public access.
Block public and cross-account access to buckets that have public policies – If this
option is set, access to buckets that are publicly accessible will be limited to the
bucket owner and to AWS services. This option can be used to protect buckets that
have public policies while you work to remove the policies; it serves to protect
information that is logged to a bucket by an AWS service from becoming publicly
accessible.
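From the CLI, enabling all four Block Public Access settings on a bucket is a single call; the bucket name below is a placeholder:

```shell
# Turn on all four Block Public Access settings for a bucket.
# The two "Block" settings reject new public ACLs/policies; the
# "Ignore"/"Restrict" settings neutralize any that already exist.
aws s3api put-public-access-block \
  --bucket my-bucket \
  --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
```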
Amazon S3 Object Lock enables you to store objects using the write once, read many
(WORM) model. Using Amazon S3 Object Lock, you can prevent an object from being
deleted or overwritten for a fixed amount of time or indefinitely. Amazon S3 Object
Lock enables you to meet regulatory requirements that require WORM storage, or
simply to add an additional layer of protection against object changes and deletion.
Amazon S3 Object Lock has been assessed by Cohasset Associates for use in
environments that are subject to SEC 17a-4, CFTC, and FINRA regulations.
Amazon S3 Object Lock provides two ways to manage object retention: retention
periods and legal holds.
A retention period specifies a fixed period of time during which an object remains
locked. During this period, your object will be WORM-protected and can't be
overwritten or deleted.
A legal hold provides the same protection as a retention period, but has no expiration
date. Instead, a legal hold remains in place until you explicitly remove it. Legal holds
are independent from retention periods: an object version can have both a retention
period and a legal hold, one but not the other, or neither.
Retention Modes
Amazon S3 Object Lock provides two retention modes: Governance and Compliance.
These retention modes apply different levels of protection to your objects. You can
apply either retention mode to any object version that is protected by Amazon S3
Object Lock.
In Governance mode, users can't overwrite or delete an object version or alter its lock
settings unless they have special permissions. Governance mode enables you to
protect objects against deletion by most users while still allowing you to grant some
users permission to alter the retention settings or delete the object if necessary. You
can also use Governance mode to test retention-period settings before creating a
Compliance-mode retention period. In order to override or remove Governance-
mode retention settings, a user must have
the s3:BypassGovernanceRetention permission and must explicitly include
x-amz-bypass-governance-retention:true as a request header with any request that requires
overriding Governance mode.
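As a sketch, overriding a Governance-mode lock from the CLI looks like the following; the bucket, key, and retention date are placeholders, and the bypass flag is what causes the CLI to send the header mentioned above:

```shell
# Change (or shorten) a Governance-mode retention period. This only
# succeeds for callers holding the bypass permission; the flag makes
# the CLI send x-amz-bypass-governance-retention:true.
aws s3api put-object-retention \
  --bucket my-bucket \
  --key important.doc \
  --retention '{"Mode": "GOVERNANCE", "RetainUntilDate": "2030-01-01T00:00:00Z"}' \
  --bypass-governance-retention
```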
Event notifications for Amazon S3 allow bucket owners (or others, as permitted by an
IAM policy) to configure their buckets so that notifications are issued to Amazon Simple
Queue Service (Amazon SQS), Amazon Simple Notification Service (Amazon SNS), or
AWS Lambda when a new object is added to or deleted from the bucket, or an existing
object is overwritten.
When configuring these notifications, you can also use prefix and suffix filters to opt in
to event notifications based on object name. For example, you can choose to receive
DELETE notifications for the images/ prefix and the .png suffix in a particular bucket.
Here’s what you need to do in order to start using this feature with your application:
1. Create the queue, topic, or Lambda function (which we’ll call target for brevity) if
necessary.
2. Grant Amazon S3 permission to publish to the target or invoke the Lambda
function. For Amazon SNS or Amazon SQS, you do this by applying an appropriate
policy to the topic or the queue. For AWS Lambda, you must create and supply an
IAM role, then associate it with the Lambda function.
3. Arrange for your application to be invoked in response to activity on the target. As
you will see in a moment, you have several options here.
4. Set the bucket’s Notification Configuration to point to the target.
aws s3 rm s3://mybucket/myprefix/file.txt
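Step 4 might be sketched as follows for the images/*.png DELETE example above; the bucket name and SNS topic ARN are placeholders:

```shell
# Notify an SNS topic whenever a .png object under images/ is deleted.
aws s3api put-bucket-notification-configuration \
  --bucket mybucket \
  --notification-configuration '{
    "TopicConfigurations": [{
      "TopicArn": "arn:aws:sns:us-east-1:123456789012:s3-delete-events",
      "Events": ["s3:ObjectRemoved:*"],
      "Filter": {"Key": {"FilterRules": [
        {"Name": "prefix", "Value": "images/"},
        {"Name": "suffix", "Value": ".png"}
      ]}}
    }]
  }'
```

With this configuration in place, deleting a matching object (for example with aws s3 rm) publishes an event to the topic.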
aws s3api
create-multipart-upload
put-object-acl
put-bucket-policy
list-object-versions
While the aws s3 command is fine for simple use cases, it does not expose the full
feature set of Amazon S3. To gain access to advanced features, use the aws s3api
command instead. s3api supports manipulating the full range of data and metadata
associated with Amazon S3 buckets and objects, including bucket policies, access
control lists, multipart uploads, and versioning.
The API-level commands (contained in the s3api command set) provide direct access
to the Amazon S3 APIs and enable some operations not exposed in the high-level
commands. This section describes the API-level commands and provides a few
examples.
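A few of the commands listed above, as they might be invoked; the bucket and key names are placeholders:

```shell
# List every version (and delete marker) of objects in a bucket.
aws s3api list-object-versions --bucket my-bucket

# Set the ACL on a single object (here, public read access).
aws s3api put-object-acl --bucket my-bucket --key report.pdf --acl public-read

# Attach a bucket policy from a local JSON file.
aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json
```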
Delete: with versioning enabled, adds a delete marker, but the object is still
retrievable by version ID; without versioning, deletes the object, and it is no longer
retrievable.
Versioning:
• Generates a new version with every upload.
• Deletes are logical deletes only; objects are not actually removed from the bucket.
• Allows easy retrieval of deleted objects or roll back to previous versions
Buckets with versioning suspended behave like buckets that never had versioning
enabled.
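The behaviors above can be seen from the CLI; the bucket and key are placeholders:

```shell
# Enable versioning; subsequent uploads of the same key create new versions.
aws s3api put-bucket-versioning \
  --bucket my-bucket \
  --versioning-configuration Status=Enabled

# A delete without a version ID only inserts a delete marker...
aws s3 rm s3://my-bucket/file.txt

# ...so earlier versions remain listed and retrievable by version ID.
aws s3api list-object-versions --bucket my-bucket --prefix file.txt
```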
General Purpose
◦ Amazon S3 Standard
◦ S3 Intelligent-Tiering
Infrequent Access
◦ Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
◦ Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
Archive
◦ Amazon S3 Glacier
Amazon S3 offers a range of storage classes designed for different use cases. These
include S3 Standard for general-purpose storage of frequently accessed data; S3
Intelligent-Tiering for data with unknown or changing access patterns; S3 Standard-
Infrequent Access (S3 Standard-IA) and S3 One Zone-Infrequent Access (S3 One Zone-
IA) for long-lived, but less frequently accessed data; and Amazon S3 Glacier (S3
Glacier) for long-term archive and digital preservation. Amazon S3 also offers
capabilities to manage your data throughout its lifecycle. Once an S3 Lifecycle policy
is set, your data will automatically transfer to a different storage class without any
changes to your application.
For more information on performance across the Amazon S3 storage classes, see
https://aws.amazon.com/s3/storage-
classes/#Performance_across_the_S3_Storage_Classes
• Automatically move data to the most cost-effective access tier
• Two access tiers: frequent access and infrequent access
• Encrypt data in transit and at rest
• Use in lifecycle policies
For a small monthly monitoring and automation fee per object, Amazon S3 monitors
access patterns of the objects in S3 Intelligent-Tiering, and moves the ones that have
not been accessed for 30 consecutive days to the infrequent access tier. If an object
in the infrequent access tier is accessed, it is automatically moved back to the
frequent access tier.
There are no retrieval fees when using the S3 Intelligent-Tiering storage class, and no
additional tiering fees when objects are moved between access tiers. It is the ideal
storage class for long-lived data with access patterns that are unknown or
unpredictable.
S3 Storage Classes can be configured at the object level and a single bucket can
contain objects stored in S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, and S3
One Zone-IA. You can upload objects directly to S3 Intelligent-Tiering, or use S3
Lifecycle policies to transfer objects from S3 Standard and S3 Standard-IA to S3
Intelligent-Tiering. You can also archive objects from S3 Intelligent-Tiering to S3
Glacier.
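A lifecycle rule that transitions objects into S3 Intelligent-Tiering might look like this; the bucket name, rule ID, and 30-day threshold are illustrative assumptions:

```shell
# Move all objects to S3 Intelligent-Tiering 30 days after creation.
aws s3api put-bucket-lifecycle-configuration \
  --bucket my-bucket \
  --lifecycle-configuration '{
    "Rules": [{
      "ID": "to-intelligent-tiering",
      "Status": "Enabled",
      "Filter": {"Prefix": ""},
      "Transitions": [{"Days": 30, "StorageClass": "INTELLIGENT_TIERING"}]
    }]
  }'
```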
Key Features:
• Same low latency and high throughput performance of S3 Standard
• Small monthly monitoring and auto-tiering fee
• Automatically moves objects between two access tiers based on changing access
patterns
• Designed for 99.999999999% durability of objects across multiple Availability
Zones
• Resilient against events that impact an entire Availability Zone
• Designed for 99.9% availability over a given year
• Backed with the Amazon S3 Service Level Agreement for availability
• Supports SSL for data in transit and encryption of data at rest
• S3 Lifecycle management for automatic migration of objects to other Amazon S3
storage classes
Use the AWS CLI to set the storage class on a specific object:
In order to achieve greater cost savings, objects in Amazon S3 can be saved using
Reduced Redundancy Storage.
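Setting the storage class on a specific object from the CLI can be sketched as follows; the bucket, key, and choice of One Zone-IA are placeholders:

```shell
# Upload with an explicit storage class...
aws s3 cp backup.tar s3://my-bucket/ --storage-class ONEZONE_IA

# ...or change the class of an existing object by copying it onto itself.
aws s3 cp s3://my-bucket/backup.tar s3://my-bucket/backup.tar \
  --storage-class ONEZONE_IA
```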
All objects in Amazon S3 have what is called a storage class. The default storage class
is Standard, which replicates data to achieve durability.
However, if you have data that is already backed up at your own facilities and is easily
recreated, or you are storing data that is derived from other durably stored data, you
can consider using the One Zone-Infrequent Access storage class for storing your
objects.
For more information on using High-Level S3 Commands with the AWS Command
Line Interface, see http://docs.aws.amazon.com/cli/latest/userguide/using-s3-
commands.html.
Amazon S3 Glacier
Amazon S3 Glacier is a secure, durable, and extremely low-cost cloud storage service
for data archiving and long-term backup. It is designed to deliver 99.999999999%
durability, and provides comprehensive security and compliance capabilities that can
help meet even the most stringent regulatory requirements. Amazon S3 Glacier
provides query-in-place functionality, allowing you to run powerful analytics directly on
your archive data at rest. To keep costs low yet suitable for varying retrieval needs,
Amazon S3 Glacier provides three options for access to archives, from a few minutes to
several hours.
Archives are stored in vaults. A vault is addressed by the unique name assigned to it by
its creator. A given AWS account may create up to 1,000 vaults in Amazon S3 Glacier.
Archives in Amazon S3 Glacier are referenced by a URL that points to the Amazon S3
Glacier service, and consists of the following components:
• The account ID of your AWS account
• The name of the vault
• The ID of the individual archive
Files added directly to Amazon S3 Glacier using the Amazon S3 Glacier API are retrieved
using the Amazon S3 Glacier API. Retrieval requests can be one of the following:
• Direct retrieval of a single archive object by archive ID.
• Filter by archive creation date.
• Ranged archive retrieval; retrieve only a specific range of bytes from a specific
archive.
Users can poll for job completion using the DescribeJob API function. Amazon S3
Glacier completion notifications can also be sent using Amazon SNS. When an Amazon
S3 Glacier job has finished executing, the user may request a download of their
“thawed” data.
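The retrieve-poll-download cycle looks like the following from the CLI; the vault name, archive ID, and job ID are placeholders (`--account-id -` means the current account):

```shell
# Start an archive retrieval job.
aws glacier initiate-job \
  --account-id - \
  --vault-name my-vault \
  --job-parameters '{"Type": "archive-retrieval", "ArchiveId": "EXAMPLE-ARCHIVE-ID"}'

# Poll until the job's Completed field is true...
aws glacier describe-job --account-id - --vault-name my-vault --job-id EXAMPLE-JOB-ID

# ...then download the "thawed" data.
aws glacier get-job-output --account-id - --vault-name my-vault \
  --job-id EXAMPLE-JOB-ID output.bin
```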
Use data retrieval policies to set data retrieval limits and simplify data retrieval cost
management. Amazon S3 Glacier provides a free retrieval tier of 5% of the monthly
storage (pro-rated daily) and charges for retrievals that exceed the free tier based on
how quickly data is retrieved. With data retrieval policies, you can limit retrievals to
"Free Tier Only," or specify a "Max Retrieval Rate" to limit retrieval speed and
establish a retrieval cost ceiling. In both cases, Amazon S3 Glacier will not accept
retrieval requests that would exceed the predefined retrieval limits.
Amazon S3 Glacier supports audit logging with AWS CloudTrail, which records
Amazon S3 Glacier API calls for the customer account and delivers these log files to a
specified location. These log files provide visibility into actions performed on their
Amazon S3 Glacier assets. For instance, use audit logging to determine which users
have accessed a vault over the last month, or identify who deleted a particular
archive and when. Additionally, audit logging can help customers implement
compliance and governance objectives for their cloud-based archival system.
Expedited — Expedited retrievals allow you to quickly access your data when
occasional urgent requests for a subset of archives are required. Expedited retrievals
typically complete within 1–5 minutes.
Standard — Standard retrievals allow you to access any of your archives within
several hours. Standard retrievals typically complete within 3–5 hours. This is the
default option for retrieval requests that do not specify the retrieval option.
Bulk — Bulk retrievals are Amazon S3 Glacier’s lowest-cost retrieval option, which
you can use to retrieve large amounts, even petabytes, of data inexpensively in a day.
Bulk retrievals typically complete within 5–12 hours.
AWS Storage Gateway is a hybrid storage service that enables your on-premises
applications to seamlessly use AWS cloud storage. You can use the service for backup
and archiving, disaster recovery, cloud data processing, storage tiering, and migration.
Your applications connect to the service through a virtual machine or hardware
gateway appliance using standard storage protocols, such as NFS, SMB and iSCSI. The
gateway connects to AWS storage services, such as Amazon S3, Amazon Glacier, and
Amazon EBS, providing storage for files, volumes, and virtual tapes in AWS. The
service includes a highly-optimized data transfer mechanism, with bandwidth
management, automated network resilience, and efficient data transfer, along with a
local cache for low-latency on-premises access to your most active data.
[Diagram: on-premises applications connect to the volume gateway over iSCSI; the
gateway transfers data to AWS over HTTPS]
When connecting with this block interface, you can run the gateway in two different
modes: cached and stored. In cached mode, your primary data is stored in Amazon S3
and you retain your frequently accessed data locally. This results in a substantial cost
savings for primary storage because it minimizes the need to scale your storage on-
premises while retaining low-latency access to your frequently accessed data.
In stored mode, you store your entire data set locally while performing asynchronous
backups of this data in Amazon S3. This provides durable and inexpensive offsite
backups that you can recover locally or from Amazon EC2.
[Diagram: the backup application on the customer premises writes to virtual tapes over
iSCSI; the tape gateway transfers data to AWS over HTTPS]
This interface presents the Storage Gateway to your existing backup application as a
virtual tape library, which consists of a virtual media changer and virtual tape drives.
You can continue to use your existing backup applications while writing to an almost
limitless collection of virtual tapes. Each virtual tape is stored in Amazon S3, and
when you no longer require access to data on virtual tapes, your backup application
can archive it from the virtual tape library into Amazon S3 Glacier. This further
reduces your storage costs.
Sending data to Amazon S3 can now be done with a managed, highly available SFTP
endpoint.
• Secure transfer using SFTP into and out of AWS
• Retain existing workflows
• Simple to use
• Data stored in Amazon S3 bucket
AWS Transfer for SFTP is a fully managed service that enables the transfer of files
directly into and out of Amazon S3 using the Secure File Transfer Protocol (SFTP)—also
known as Secure Shell (SSH) File Transfer Protocol. AWS helps you seamlessly migrate
your file transfer workflows to AWS Transfer for SFTP—by integrating with existing
authentication systems, and providing DNS routing with Amazon Route 53—so nothing
changes for your customers and partners, or their applications. With your data in
Amazon S3, you can use it with AWS services for processing, analytics, machine
learning, and archiving. Getting started with AWS Transfer for SFTP (AWS SFTP) is easy;
there is no infrastructure to buy and set up.
AWS DataSync
AWS DataSync is a data transfer service that simplifies, automates, and accelerates
moving and replicating data between on-premises storage systems and AWS storage
services over the internet or AWS Direct Connect. As a fully managed service,
DataSync removes the need to modify applications, develop scripts, or manage
infrastructure. DataSync automatically handles many of the tasks related to data
transfers that can slow down migrations or burden your IT operations, including
running your own instances, handling encryption, managing scripts, network
optimization, and data integrity validation.
You can use DataSync to transfer data at speeds up to 10 times faster than open-
source tools. DataSync uses an on-premises software agent to connect to your
existing storage or file systems using the Network File System (NFS) protocol, so you
don’t have to write scripts or modify your applications to work with AWS APIs.
You can use DataSync to copy data over AWS Direct Connect or internet links to AWS.
The service enables one-time data migrations, recurring data processing workflows,
and automated replication for data protection and recovery.
[Diagram: the DataSync agent reads from on-premises storage over NFS and transfers
data over TLS to an Amazon S3 bucket]
The diagram shows a high-level view of the DataSync architecture for transferring files
between on-premises storage and AWS storage services.
AWS Snowball is a solution for customers with large-scale data transfer challenges. It is
a petabyte-scale data transport solution that uses secure appliances to transfer large
amounts of data into and out of the AWS cloud. Using Snowball addresses common
challenges with large-scale data transfers including high network costs, long transfer
times, and security concerns. Transferring data with Snowball is simple, fast, and
secure, and it can cost as little as one-fifth as much as high-speed internet transfer.
With Snowball, you don’t need to write any code or purchase any hardware to transfer
your data. Simply create a job in the AWS Management Console and a Snowball
appliance will be automatically shipped to you. Once it arrives, attach the appliance to
your local network, download and run the Snowball client to establish a connection,
and then use the client to select the file directories that you want to transfer to the
appliance. The client will then encrypt and transfer the files to the appliance at high
speed. Once the transfer is complete and the appliance is ready to be returned, the E
Ink shipping label will automatically update and you can track the job status via Amazon
Simple Notification Service (SNS), text messages, or directly in the console.
Snowball uses multiple layers of security designed to protect your data including
tamper-resistant enclosures, 256-bit encryption, and an industry-standard Trusted
Platform Module (TPM) designed to ensure both security and full chain-of-custody of
your data.