This Guidance helps you move your on-premises tape storage to the AWS Cloud. Tape media management, media costs, third-party offsite contracts, and the sheer volume of data growth make tape backup challenging in any organization. AWS Storage Gateway offers a Tape Gateway configuration that gives you an alternative to physical backup tapes and fits seamlessly into your existing backup process. This Guidance helps you set up Tape Gateway, giving you the local performance of disk, a low-cost highly scalable cloud backend, a durable and cost-effective online archive, and minimal disruption to existing systems.
Please note: [Disclaimer]
Architecture Diagram
[Architecture diagram description]
Step 1
An on-premises backup application connects to your AWS Storage Gateway virtual machine through the Internet Small Computer Systems Interface (iSCSI).
Step 2
A Storage Gateway virtual machine installed in your virtual environment acts as an interface to the AWS Cloud.
Step 3
The cache storage acts as the durable store for any data awaiting upload from the upload buffer to Amazon Simple Storage Service (Amazon S3) from the upload buffer. The upload buffer provides a staging area for the gateway before it uploads the data to a virtual tape.
Step 4
The on-premises virtual machine connects to a Storage Gateway endpoint in your AWS account.
Step 5
A virtual tape is similar to a physical tape cartridge. However, virtual tape data is stored in Amazon S3.
Step 6
When your backup software ejects a tape, your gateway moves the tape to the archive for long-term storage. Tapes in the archive are stored in the virtual tape shelf (VTS). The VTS is backed by S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive.
Well-Architected Pillars
The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The six pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.
The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.
-
Operational Excellence
Tape Gateway offers a durable, cost-effective way to archive your data in the AWS Cloud. With its virtual tape library (VTL) interface, you use your existing tape-based backup infrastructure to store data on virtual tape cartridges that you create on your Tape Gateway. Each Tape Gateway is preconfigured with a media changer and tape drives. These are available to your existing client backup applications as iSCSI devices. You add tape cartridges as needed to archive your data.
-
Security
Storage Gateway uses Secure Socket Layer/Transport Layer Security (SSL/TSL) to encrypt data that is transferred between your gateway appliance and an AWS gateway appliance or AWS storage. By default, Storage Gateway uses Amazon S3-Managed Encryption Keys (SSE-S3) to server-side encrypt all data it stores in Amazon S3. You also have an option to use the Storage Gateway API to configure your gateway and encrypt data stored in the cloud using Server-Side Encryption with AWS Key Management Service (SSE-KMS) keys. For a virtual tape, you can configure your gateway to encrypt tape data stored in the cloud with AWS Key Management Service (AWS KMS)–managed keys by using the Storage Gateway API. You can specify one of the managed keys as the AWS KMS key. The key that you use to encrypt your tape data can't be changed after the tape is created.
-
Reliability
Storage Gateway provides high availability on VMware through a set of application-level health checks integrated with VMware vSphere High Availability (VMware HA). This approach helps protect storage workloads against hardware, hypervisor, or network failures. It also helps protect against software errors, such as connection timeouts and file share or volume unavailability.
-
Performance Efficiency
Be aware of the following bottlenecks—these can reduce the performance of your Tape Gateway below the theoretical maximum sustained throughput, affecting your bandwidth to the AWS Cloud:
- CPU core count
- Cache/Upload buffer disk throughput
- Total RAM amount
- Network bandwidth to AWS
- Network bandwidth from initiator to gateway
To improve write and read throughput performance of your Tape Gateway, visit Optimize iSCSI Settings, Use a Larger Block Size for Tape Drives, and Optimize the Performance of Virtual Tape Drives in the Backup Software.
-
Cost Optimization
Customers only pay for the storage they use and can optionally retain applications on-premises to reduce latency and control costs. Move your tapes from S3 Glacier Flexible Retrieval to S3 Glacier Deep Archive for long-term data retention and digital preservation at a very low cost. S3 Glacier Deep Archive is ideal for long-term data retention and digital preservation where the data is accessed once or twice a year.
-
Sustainability
The Tape Gateway automatically creates new virtual tapes to maintain the minimum number of available tapes that you configure. It then makes these new tapes available for import by the backup application so that your backup jobs can run without interruption. Automatic tape creation removes the need for custom scripting in addition to the manual process for creating new virtual tapes.
Implementation Resources
A detailed guide is provided to experiment and use within your AWS account. Each stage of building the Guidance, including deployment, usage, and cleanup, is examined to prepare it for deployment.
The sample code is a starting point. It is industry validated, prescriptive but not definitive, and a peek under the hood to help you begin.
Related Content
[Title]
Disclaimer
The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.
References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.