WANrockIT: Connecting to an AWS Storage Gateway


Traditionally the AWS Storage Gateway will be used in the following configuration:



Where the AWS Storage Gateway is run from an ESXi or Hyper-V image on-prem, large storage volumes will be attached. This is where the data is written and uploaded to S3 at the AWS Storage Gateway’s pace. This results in backed up data being on-prem for extended periods of time.

With Bridgeworks WANrockIT solution the data can be moved much faster into the cloud using the topology below:


Within a few seconds of your server registering that the data has be written, the data will be on EBS volumes in AWS being transferred to S3.


The following guide will teach you how to log onto your AWS Storage Gateway from your AWS WANrockIT Node, in order to present the gateway’s devices to your on-prem Node. This allows the devices to be used by on-prem hosts with WANrockIT acceleration. The AWS Storage Gateway and AWS WANrockIT Node should be deployed in the same VPC.


For a complete guide on configuring your AWS Storage Gateway please visit

Hardware Requirements

It is recommended that you should have large hard drives attached to the AWS Storage Gateway, in order to keep your performance high and to prevent having to wait for data being transmitted. As a guide it is recommended to have both a buffer drive and cache drive large enough to accommodate an entire backup cycle. E.g. if your company backed up 100GB of data per back up cycle, then the AWS Storage Gateway should have two 100GB hard drives attached as per the image below.



Configuring CHAP

Challenge-Handshaking Authentication Protocol (CHAP) will provide protection to your iSCSI target by verifying the identity of the iSCSI initiator which is accessing the target. It is not necessary for iSCSI connections, but is recommended. For a full description on setting up CHAP please visit:

Please note that the AWS Storage Gateway supports Mutual CHAP, whilst the WANrockIT Node has support for one-way CHAP.


One of the parameters to set up the access is the IQN of the iSCSI host that will connect in, called the “Initiator Name” on the AWS setup page. This parameter is located within the Bridgeworks GUI on the System Information page.


From the home screen click on the “System Information” button and you will be presented with the following screen, which contains the IQN.


Copy this IQN into the “Initiator Name” field and set up the passwords as you require. Particularly the “Secret Used to Authenticate Initiator” password, which will be required for One-Way CHAP. As shown in the image below:


Logging onto the AWS Storage Gateway


From the home screen click on the “iSCSI Initiator” icon, under the heading “Discovery Target Portals” click on the “Add” button. The page below will be displayed.


Enter the IP address of the AWS Storage Gateway, change the port if that has been altered and select the “Source Interface”. “CHAP Login” is not required at the discovery level for the AWS Storage Gateway.

Once your Discovery completes you will be presented with the screen below.


The storage gateway’s disk is now being presented as a target in the “Targets” list. The status of the device is inactive. Select the target from the “Targets” List and click the “Log On” button. You will be presented with the page below.


Select the “Source Interface” and the “Target Portal” to represent your network configuration. Enable the “CHAP Login” checkbox if required. The username field is filled in automatically for you; in the password field, enter the password you set for the AWS Storage Gateway “Secret Used to Authenticate Initiator” field. Click the “OK” button, and the AWS Storage Gateway’s disk should be successfully logged onto. This can be confirmed if you see the status of the target has changed to “connected” as shown below.


You will also notice that the disk is added to the “Persistent Targets” list. This will automatically log onto the medium changer again if the WANrockIT Node is rebooted.

Congratulations, you have successfully logged onto your AWS Storage Gateway. For help with setting up your WAN link click here, or for help with setting up your on-prem WANrockIT Node’s iSCSI target click here.

Bridgeworks have looked at the problem of data movement and come at it from an entirely new perspective. In mastering the rules of data movement over distance, Bridgeworks have now broken them to provide you with the ability to move significant volumes of business critical data in real time removing unacceptable time lags, that risk failure, delay or presents major costs to your business.