AWS DataSync is a service we launched at re:Invent 2018 to simplify, automate, and accelerate data transfer between on-premises storage and AWS, such as Amazon Elastic File System (EFS) and Amazon S3. We recently expanded the service to support direct transfers to all S3 storage classes.

Many of our customers are using DataSync to migrate on-premises storage to AWS, in order to shut down entire data centers, or move cold data to more cost-effective storage. DataSync adheres to high standards of information security: all data transferred between the source and destination is encrypted via TLS, data is never persisted by DataSync, and access to AWS storage locations is entirely in your control. DataSync is also managed by standard AWS tools such as IAM (for S3) and security groups (for EFS). In addition to these security measures, some of our customers need to move data from their on-premises storage to AWS via Direct Connect or VPN, without traversing the public internet, to further increase the security of the copied data. In this post, I’ll briefly walk through the services that enable such network setup, the security benefits that they provide, and the best practices to set up the transfer.

The benefits of using DataSync with VPC endpoints

DataSync allows you to configure a source storage location (NFS or SMB share) on-premises, and a destination in AWS storage services (Amazon S3 or Amazon EFS). It uses a purpose-built network protocol and scale-out architecture to accelerate the transfer of data to AWS. To operate the service and to transfer your files, you can either utilize public service endpoints in their respective AWS Regions (such as ), or transfer files via your Direct Connect or VPN utilizing private IP addresses accessible only from within your VPC. When using only private IPs, you can ensure that your VPC is not reachable over the internet, and prevent any packets from entering or exiting the network. This means that you can eliminate all internet access from your on-premises, but still use DataSync for data transfers to and from AWS using Private IP addresses.

How this works

DataSync uses an agent to transfer data from your on-premises storage. The agent is deployed as a virtual machine that should be deployed on-premises in the same LAN as your source storage to minimize the distance traveled via protocols, such as NFS. Once deployed, the agent acts as an extension of the DataSync service, and is managed seamlessly by AWS. Using DataSync with VPC endpoints means that your agent can communicate with the DataSync service endpoints using private IPs. In configuring this setup, you’ll place a private VPC endpoint in your VPC that connects to the DataSync service. This endpoint will be used for communication between your agent and the DataSync service. This includes commands to the service, such as starting a data transfer. In addition, for each transfer task, four elastic network interfaces (ENIs) will automatically get placed in your VPC. Your DataSync agent will send traffic through these ENIs in order to transfer data from your on-premises shares into AWS.

Setting up the transfer

Below I provide a step-by-step guide for configuring DataSync to use private IPs. This includes a one-time setup of an agent that reads from your source storage, and a one-time setup of a VPC endpoint that the agent communicates with. Once this setup is completed, you can create as many transfer tasks as you need, connecting between your on-premises storage and storage in AWS. The diagram below illustrates the setup in more detail, and specifies the AWS resources mentioned in the different steps.

1. Choose the VPC and subnet where you’d like to set up the DataSync private IPs. This should be a VPC that extends to your on-premises environment via routing rules over Direct Connect or VPN. All communication between your DataSync agent and the DataSync service remains in this VPC.

2. Deploy a DataSync agent on-premises, where it can access your source storage location via NFS or SMB. The OVA for the agent deployment can be downloaded from the DataSync console.