Accessing the agent's local console Configuring your agent network settings Testing your agent's connection to AWS Testing your agent's connection to your storage Checking your agent's system resources Synchronizing the time on your VMware agent Configuring other agent settings Getting help with your agent from AWS Support

Working with your AWS DataSync agent's local console

While AWS manages your AWS DataSync agent once it's deployed and activated, there might be cases where you need to change your agent's settings or troubleshoot an issue. Here are some examples of why you'd work with your agent through its local console:

Manually assign an IP address to the agent.
Test your agent's connection to AWS or a storage system.
Provide AWS Support access to your agent to help with an issue (such as a firewall misconfiguration).

Important

You don't need to use the agent's local console for standard DataSync functionality.

How you access the local console depends on the type of agent you're using.

For security reasons, you can't remotely connect to the local console of the DataSync agent virtual machine (VM).

If this is your first time using the local console, log in with the default credentials. The default user name is admin and the password is password.

Note
We recommend changing the default password. To do this, on the console main menu enter 5 (or 6 for VMware VMs), then run the passwd command to change the password.

To connect to an Amazon EC2 agent's local console, you must use SSH.

Before you begin: Make sure that your EC2 instance's security group allows access with SSH (TCP port 22).

Open a terminal and copy the following ssh command:
```
ssh -i /path/key-pair-name.pem instance-user-name@instance-public-ip-address
```
- For /path/key-pair-name, specify the path and file name (.pem) of the private key required to connect to your instance.
- For instance-user-name, specify admin.
- For instance-public-ip-address, specify the public IP address of your instance.
Run the ssh command to connect to the instance.

Once connected, the main menu of the agent's local console displays.

Configuring your agent's network settings

The default network configuration for the agent is Dynamic Host Configuration Protocol (DHCP). With DHCP, your agent is automatically assigned an IP address. In some cases, you might need to manually assign your agent's IP as a static IP address, as described following.

To configure your agent to use static IP addresses

Log in to your agent's local console.
On the AWS DataSync Activation - Configuration main menu, enter 1 to begin configuring your network.

On the Network Configuration menu, choose one of the following options.

To	Do this
Get information about your network adapter	Enter `1`. A list of adapter names appears, and you are prompted to enter an adapter name—for example, `eth0`. If the adapter you specify is in use, the following information about the adapter is displayed: Media access control (MAC) address IP address Netmask Agent IP address DHCP enabled status You use the same adapter name when you configure a static IP address (option 3) as when you set your agent's default route adapter (option 5).
Configure DHCP	Enter `2`. You are prompted to configure the network interface to use DHCP.
Configure a static IP address for your agent	Enter `3`. You are prompted to enter the Network adapter name. Important If your agent has already been activated, you must shut it down and restart it from the DataSync console for the settings to take effect.
Reset all your agent's network configuration to DHCP	Enter `4`. All network interfaces are set to use DHCP. Important If your agent has already been activated, you must shut down and restart your agent from the DataSync console for the settings to take effect.
Set your agent's default route adapter	Enter `5`. The available adapters for your agent are shown, and you are prompted to choose one of the adapters—for example, `eth0`.
Edit your agent's Domain Name System (DNS) configuration	Enter `6`. The available adapters of the primary and secondary DNS servers are displayed. You are prompted to provide the new IP address.
View your agent's DNS configuration	Enter `7`. The available adapters of the primary and secondary DNS servers are displayed. Note For some versions of the VMware hypervisor, you can edit the adapter configuration in this menu.
View routing tables	Enter `8`. The default route of your agent is displayed.

Testing your agent's connection to AWS

You can use your agent's local console to test your internet connection. This test can be useful when you are troubleshooting network issues with your agent.

To test your agent's connection to AWS DataSync endpoints

Log in to your agent's local console.
On the AWS DataSync Activation - Configuration main menu, enter 2 to begin testing network connectivity.
Enter the service endpoint type that your agent is connecting to. Valid endpoint types include public, FIPS, and VPC endpoints that are using AWS PrivateLink.

When the agent is activated, the Test Network Connectivity option can be initiated without any additional user input, because the Region and endpoint type are taken from the activated agent information.
1. To test public endpoint connectivity, enter 1, followed by the AWS Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about AWS Regions and endpoints, see Where can I use DataSync?.
  
  Each endpoint in the selected AWS Region displays either a PASSED or FAILED message.
2. To test FIPS endpoint connectivity, enter 2, followed by the AWS Region in which your agent is activated. Connectivity test results against the correct endpoints for your agent's Region are displayed. For information about AWS Regions and endpoints, see Where can I use DataSync?.
  
  Each endpoint in the selected AWS Region displays either a PASSED or FAILED message.
3. To test VPC endpoint connectivity, enter 3. Network connectivity test results for your agent's VPC endpoints are displayed.
  
  Each VPC endpoint displays either a PASSED or FAILED message.

For information about network and firewall requirements, see AWS DataSync network requirements.

Testing your agent's connection to your storage

You can test whether your DataSync agent can connect to the storage involved in your transfer. This test can help verify that you configured your transfer location correctly.

To test your agent's connection to your storage

Log in to your agent's local console.
On the AWS DataSync Activation - Configuration main menu, enter 3.
Enter one of the following options:
1. Enter 1 to test an NFS server connection.
2. Enter 2 to test an SMB server connection.
3. Enter 3 to test an object storage server connection.
4. Enter 4 to test an HDFS connection.
5. Enter 5 to test a Microsoft Azure Blob Storage connection.
Enter the storage server's IP address or domain name.

Remember the following when entering the IP address or domain name:
- Don't include a protocol. For example, enter mystorage.com instead of https://mystorage.com.
- For HDFS, enter the IP address or domain name of the NameNode or DataNode in the Hadoop cluster.
If requested, enter the TCP port for connecting to the storage server (for example, 80 or 443).

You'll see if the connectivity test PASSED or FAILED.

Checking your agent's system resources

When you log in to your agent console, virtual CPU cores, root volume size, and RAM are automatically checked. If there are any errors or warnings, they're flagged on the console menu display with a banner that provides details about those errors or warnings.

If there are no errors or warnings when the console starts, the menu displays white text. The View System Resource Check option will display (0 Errors).

If there are errors or warnings, the console menu displays the number of errors and warnings, in red and yellow respectively, in a banner across the top of the menu. For example, (1 ERROR, 1 WARNING).

To check your agent's system resources

Log in to your agent's local console.
On the AWS DataSync Activation - Configuration main menu, enter 4 to view the results of the system resource check.

The console displays an [OK], [WARNING], or [FAIL] message for each resource as described in the table following.

For Amazon EC2 instances, the system resource check verifies that the instance type is one of the instances recommended for use with DataSync. If the instance type matches that list, a single result is displayed in green text, as follows.

[ OK ] Instance Type Check

If the Amazon EC2 instance is not on the recommended list, the system resource check verifies the following resources.
- CPU cores check: At least four cores are required.
- Disk size check: A minimum of 80 GB of available disk space is required.
- RAM check:
  - 32 GB of RAM assigned to the instance for task executions working with up to 20 million files, objects, or directories.
  - 64 GB of RAM assigned to the instance for task executions working with more than 20 million files, objects, or directories.
- CPU flags check: The agent VM CPU must have either SSSE3 or SSE4 instruction set flags.
If the Amazon EC2 instance is not on the list of recommended instances for DataSync, but it has sufficient resources, the result of the system resource check displays four results, all in green text.

The same resources are verified for agents deployed in Hyper-V, Linux Kernel-based Virtual Machine (KVM), and VMware VMs.

VMware agents are also checked for supported version; unsupported versions cause a red banner error. Supported versions include VMware versions 6.5 and 6.7.

Synchronizing the time on your VMware agent

If you are using a VMware VM, you can view Network Time Protocol (NTP) server configurations and synchronize the VM time on your agent with your VMware hypervisor host.

To manage system time

Log in to your agent's local console.
On the AWS DataSync Activation - Configuration main menu, enter 5 to manage your system's time.

On the System Time Management menu, enter 1 to view and synchronize the VM system time.

To Do this

View and synchronize your VM time with NTP server time

To	Do this
View and synchronize your VM time with NTP server time	Enter `1`. The current time of your agent is displayed. Your agent determines the time difference between your agent VM and your NTP server time, and prompts you to synchronize the agent time with NTP time. After your agent is deployed and running, in some scenarios the agent's time can drift. For example, suppose that there is a prolonged network outage and your hypervisor host and agent don't get time updates. In this case, the agent's time is different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur.
Edit your NTP server configuration	Enter `2`. You are prompted to provide a preferred and a secondary NTP server.
View your NTP server configuration	Enter `3`. Your NTP server configuration is displayed.

Enter 1.

The current time of your agent is displayed. Your agent determines the time difference between your agent VM and your NTP server time, and prompts you to synchronize the agent time with NTP time.

After your agent is deployed and running, in some scenarios the agent's time can drift. For example, suppose that there is a prolonged network outage and your hypervisor host and agent don't get time updates. In this case, the agent's time is different from the true time. When there is a time drift, a discrepancy occurs between the stated times when operations such as snapshots occur and the actual times that the operations occur.

Edit your NTP server configuration

Enter 2.

You are prompted to provide a preferred and a secondary NTP server.

View your NTP server configuration

Enter 3.

Your NTP server configuration is displayed.

Configuring other agent settings

In a DataSync agent's local console, you can perform some maintenance tasks and diagnose issues with your agent.

To run a configuration or diagnostic command in your agent's local console

Log in to your agent's local console.
On the AWS DataSync Activation - Configuration main menu, enter 5 (or for 6 a VMware VM) for the Command Prompt.

Use the following commands to perform the following tasks with your agent.

Command	Description
`dig`	Look up DNS information about the host.
`diskclean`	Perform disk cleanup.
`exit`	Return to the console configuration menu.
`h`	Display a list of available commands.
`ifconfig`	Display or configure network interfaces.
`ip`	Display or configure routing, devices, and tunnels.
`iptables`	Set up and maintain IPv4 packet filtering and network address translation (NAT).
`ncport`	Test connectivity to a specific network TCP port.
`nping`	Get information to troubleshoot network issues.
`open-support-channel`	Connect the agent to AWS Support.
`save-iptables`	Save IP table firewall rules permanently.
`save-routing-table`	Save a newly added routing table entry.
`sslcheck`	Verify whether an SSL certificate is valid.
`tcptraceroute`	Collect `traceroute` output on TCP traffic to a destination.

Follow the onscreen instructions.

Getting help with your agent from AWS Support

You can allow AWS Support to access your AWS DataSync agent and assist you with troubleshooting agent issues. By default, AWS Support access to your agent is disabled. You enable this access through the host's local console. To give AWS Support access to DataSync, you first log in to the local console for the host and then connect to the support server.

To log in to an agent running on Amazon EC2, create a rule for the instance's security group that opens TCP port 22 for Secure Shell (SSH) access.

Note

If you add a new rule to an existing security group, the new rule applies to all instances that use that security group. For more information about security groups and how to add a security group rule, see Amazon EC2 security groups for Linux instances in the Amazon EC2 User Guide.

To enable AWS Support access to AWS DataSync

Log in to your host's local console.

If this is your first time logging in to the local console, see Accessing the agent's local console.
At the prompt, enter 5 to open the command prompt (for VMware VMs, use 6).
Enter h to open the AVAILABLE COMMANDS window.
In the AVAILABLE COMMANDS window, enter the following to connect to AWS Support:

open-support-channel

If you are using the agent with VPC endpoints, you must provide a VPC endpoint IP address for your support channel, as follows:

open-support-channel vpc-ip-address

Your firewall must allow the outbound TCP port 22 to initiate a support channel to AWS. When you connect to AWS Support, DataSync assigns you a support number. Make a note of your support number.

Note
The channel number isn't a Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port number. Instead, it makes an SSH (TCP 22) connection to servers and provides the support channel for the connection.
When the support channel is established, provide your support service number to AWS Support so that they can provide troubleshooting assistance.
When the support session is finished, press Enter to end it.
Enter exit to log out of the DataSync local console.
Follow the prompts to exit the local console.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Managing your agent

Replacing your agent