AWS Snowball
AWS Snowball is a petabyte-scale physical data storage solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud, and it accelerates those transfers. AWS transfers customers’ data directly onto and off of Snowball storage devices using Amazon’s high-speed internal network, bypassing the Internet. AWS Snowball is simple to connect to customers’ existing networks and applications. Customers can initiate an AWS Snowball request through the AWS Management Console.
- The Snowball appliance is purpose-built for efficient data storage and transfer, including a high-speed, 10 Gbps network connection designed to minimize data transfer times, allowing you to transfer up to 80 TB of data from your data source to the appliance in 2.5 days, plus shipping time.
- While all AWS Regions have 80 TB Snowballs, US Regions have both 50 TB and 80 TB models. The AWS Snowball appliance is rugged enough to withstand an 8.5-G jolt.
For datasets of significant size, transferring data with Snowball is simple, fast, more secure, and can be as little as one-fifth the cost of transferring data via high-speed Internet. AWS Snowball supports importing data into and exporting data from Amazon S3 buckets.
- Customers use AWS Snowball to migrate analytics data, genomics data, video libraries, image repositories, and backups, and to archive data as part of data center shutdowns, tape replacement, or application migration projects.
- AWS Snowball Client is software that is installed on a local computer and is used to identify, compress, encrypt, and transfer data.
Parallelization can also help achieve maximum performance for customers’ data transfers. This could involve one or more of the following parallelization types:
- Using multiple instances of the Snowball client on a single workstation with a single AWS Snowball appliance;
- Using multiple instances of the Snowball client on multiple workstations with a single AWS Snowball appliance; and/or
- Using multiple instances of the Snowball client on multiple workstations with multiple Snowball appliances.
Customers can integrate Snowball with IAM to control which actions a user can perform. They can give the IAM users on their AWS account access to all Snowball actions or to a subset of them. Similarly, an IAM user that creates a Snowball job must have permissions to access the Amazon S3 buckets that will be used for the import operations.
- AWS KMS protects the encryption keys used to protect data on each Snowball appliance. All data loaded onto a Snowball appliance is encrypted using 256-bit encryption.
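An added example (not AWS code and not part of the original page) of auditing the IAM subset described above: a small Python lint that reports whether a policy document lets one identity retrieve both secrets needed to unlock an appliance, the job manifest and the unlock code. The sample policies are constructed, and the check reads only Allow statements and their Action patterns.

```python
import fnmatch

# The two Snowball job-management API actions that hand out the secrets
# needed to unlock an appliance.
CREDENTIAL_ACTIONS = ("snowball:GetJobManifest", "snowball:GetJobUnlockCode")


def _as_list(value):
    """IAM accepts either one item or a list for Statement and Action."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def allowed_credential_actions(policy):
    """Return the credential actions granted by the policy's Allow statements.

    Simplification: only Effect and Action are read. Deny, NotAction,
    Resource and Condition are ignored, so this is a lint, not IAM evaluation.
    """
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            for action in CREDENTIAL_ACTIONS:
                # Action names are case-insensitive; * and ? are wildcards.
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    granted.add(action)
    return sorted(granted)


def grants_both_secrets(policy):
    """True when a single policy can fetch both manifest and unlock code."""
    return allowed_credential_actions(policy) == sorted(CREDENTIAL_ACTIONS)


# Constructed sample policies.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "snowball:*", "Resource": "*"}]}
MANIFEST_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["snowball:DescribeJob", "snowball:GetJobManifest"]}}

if __name__ == "__main__":
    for label, doc in (("full", FULL_ACCESS), ("manifest-only", MANIFEST_ONLY)):
        print(label, allowed_credential_actions(doc), grants_both_secrets(doc))
```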
A job in AWS Snowball (Snowball) is a discrete unit of work, defined when the client creates it in the console or the job management API. Jobs have types, details, and statuses. Each of those elements is covered in greater detail in the sections that follow. There are two different job types: import jobs and export jobs.
- Both of the Snowball job types are summarized following, including the source of the data, how much data can be moved, and the result the client can expect at successful job completion.
- Although these two types of jobs have fundamental differences, they share some common details. The source can be local to your data center or office, or it can be an Amazon S3 bucket.
- Each import or export job for Snowball is defined by the details that customers specify when it’s created, which include name, type, ID, date, speed, IAM role ARN, AWS KMS key, Snowball capacity, Storage service, and Resources.
Snowball Features
Snowball includes a 10GBaseT network connection (both RJ45 as well as SFP+ with either a fiber or copper interface) to minimize data transfer times. The Snowball device is designed to transfer multiple terabytes of data from your data source to the device in about a day, plus shipping time.
Snowball includes a ruggedized case designed to be both durable and portable. The Snowball device weighs less than 50 pounds, so it’s portable.
Snowball uses an innovative, E Ink shipping label designed to ensure the device is automatically sent to the correct AWS facility and also aids in tracking. Once you have completed your data transfer job, it can be tracked via Amazon Simple Notification Service (SNS), text messages, and the Console.
Snowball supports APIs that enable customers and partners to integrate their own applications with Snowball. The Snowball Job Management API lets customers create and manage jobs outside of the AWS Management Console. In addition, the Snowball S3 Adapter gives customers direct access to Snowball as if it were an S3 endpoint.
All data transferred to Snowball is automatically encrypted with 256-bit encryption keys that you can manage by using the AWS Key Management Service (KMS). The encryption keys are never sent to or stored on the device, which helps ensure your data stays secure during transit.
The Snowball device is equipped with tamper-resistant seals and includes a built-in Trusted Platform Module (TPM) that uses a dedicated processor designed to detect any unauthorized modifications to the hardware, firmware, or software. AWS inspects every device for any signs of tampering and to verify that no changes were detected by the TPM.
Once the data transfer job has been processed and verified, AWS performs a software erasure of the Snowball device that follows the National Institute of Standards and Technology (NIST) guidelines for media sanitization.
Key pairs: Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place).
AWS Snowball in transit
There are two ways to get started with Snowball. Customers can create an import or export job using the AWS Snowball Management Console, or they can use the Snowball Job Management API and integrate AWS Snowball as part of their data management solution.
- The primary functions of the API are to create, list, and describe import and export jobs, and it uses a simple standards-based REST web services interface.
Customers also have two ways to locally transfer data between a Snowball appliance and their on-premises data center.
- The Snowball client, available as a download from the AWS Import/Export Tools page, is a standalone terminal application that you run on your local workstation to do your data transfer. You can use simple copy (cp) commands to transfer data, and errors and logs are written to your local workstation for troubleshooting and auditing.
- The second option to locally transfer data between a Snowball appliance and your on-premises data center is the Amazon S3 Adapter for Snowball, which is also available as a download from the AWS Import/Export Tools page. You can programmatically transfer data between your on-premises data center and a Snowball appliance using a subset of the Amazon S3 REST API commands.
Snowball Best Practices
The workstation should be a powerful computer, able to meet high demands in terms of processing, memory, and networking.
Run simultaneous instances of the Snowball client in multiple terminals, each using the copy operation to speed up your data transfer.
The workstation should be the local host for customers’ data.
Files must be in a static state while being copied. Files that are modified while they are being transferred are not imported into Amazon S3.
Don’t save a copy of the unlock code in the same location in the workstation as the manifest for that job. Saving the unlock code and manifest separately helps prevent unauthorized parties from gaining access to the Snowball.
The logs that the Snowball client writes to the workstation can contain potentially sensitive information. To protect it, delete these logs after the job that the logs are associated with enters Completed status.
To prevent data corruption, don’t disconnect the Snowball or change its network settings while transferring data.
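A way to check the unlock-code practice above on a workstation, as an added example that is not from the original page or from AWS: the script walks a directory tree and reports any file that sits beside a job manifest and contains text shaped like an unlock code. The manifest file-name pattern, the five-by-five unlock-code shape, and the demo files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumptions: manifests keep a "..._manifest.bin" / "...-manifest.bin" name and
# unlock codes are five groups of five alphanumerics joined by hyphens.
MANIFEST_RE = re.compile(r"[-_]manifest\.bin$", re.IGNORECASE)
UNLOCK_RE = re.compile(
    rb"(?<![A-Za-z0-9-])[A-Za-z0-9]{5}(?:-[A-Za-z0-9]{5}){4}(?![A-Za-z0-9-])")
MAX_SCAN_BYTES = 1 << 20  # read at most 1 MiB of each neighbouring file

def find_colocated_secrets(root):
    """Return sorted (manifest, file) pairs where file sits next to manifest
    and contains text shaped like an unlock code."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        manifests = [f for f in files if MANIFEST_RE.search(f)]
        for name in files if manifests else ():
            if name in manifests:
                continue  # skip the manifest itself
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_SCAN_BYTES)
            except OSError:
                continue  # unreadable file: keep auditing the rest
            if UNLOCK_RE.search(data):
                findings += [(os.path.join(dirpath, m), path) for m in manifests]
    return sorted(findings)

def build_demo_tree(root):
    """Write a constructed layout: job-a breaks the rule, job-b follows it."""
    layout = {
        "job-a/JIDEXAMPLE_manifest.bin": b"\x00constructed manifest bytes",
        "job-a/notes.txt": b"unlock: 01234-abcde-ABCDE-56789-fghij\n",
        "job-b/JIDEXAMPLE2_manifest.bin": b"\x00constructed manifest bytes",
        "job-b/readme.txt": b"code is kept in the password manager\n",
        "vault/code.txt": b"01234-abcde-ABCDE-56789-fghij\n",
    }
    for rel, content in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for manifest, leak in find_colocated_secrets(tmp):
            print("unlock-code-shaped text beside", manifest, "in", leak)
```

A match is only a pattern hit, so review each reported file before treating it as an exposed unlock code.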