Configuring for Aspera for SharePoint

This section describes how to set up IBM Aspera Enterprise Server as a transfer server for IBM Aspera for Microsoft SharePoint. It assumes that you have already set up your Microsoft SharePoint environment and configured (provisioned) it for SharePoint apps.
Note: To use IBM Aspera Enterprise Server as the transfer server for Aspera for SharePoint, you must run Enterprise Server on Windows 2012 or 2012 R2, or on Linux.
The basic steps are:
  1. Install the transfer server.
  2. Create a system user on the transfer server host.
  3. Create a directory to be the transfer user's docroot.
  4. Create the SSH key for the system user.
  5. Add the new system user as a transfer user to Enterprise/Connect Server.
  6. Specify a docroot for the new transfer user.
  7. Modify aspera.conf.
  8. Ensure that the firewall is set up correctly on your transfer server host.
  9. Verify your transfer server license.
  10. Set up a node user.
  11. Configure the Aspera for SharePoint application.

These steps are described in detail below.

  1. Install the transfer server.

    If you haven't already, follow the steps in Standard Installation to install Enterprise Server.

    The transfer server that you will use with Aspera for SharePoint must be installed on a host separate from your Microsoft SharePoint environment hosts.

    Note: Aspera recommends you run Enterprise/Connect Server on a Linux host.

    All steps must be performed as root.

  2. Create a system user on the transfer server host.

    The system user authenticates the actual ascp transfer and must be an operating system account.

    Run the following command to (1) create the system user sharepoint; (2) configure it to use the Aspera secure shell, aspshell; and (3) create the group sharepoint and assign the new system user to it.

    # /usr/sbin/useradd -r sharepoint -s /bin/aspshell-r -g sharepoint
  3. Create a directory to be the system user's docroot.

    This must be a location owned by the system user.

    You will use this location later in the configuration process, at Step 6.

  4. Create the .ssh directory and public key file for the system user.

    The standard location for the public key is in the user's home directory.

    /home/sharepoint/.ssh/authorized_keys

    The Aspera-provided key file is located in:

    /opt/aspera/var/aspera_id_dsa.pub

    1. On the command line, run the following to create the user's public key directory (if it does not already exist):
      # mkdir /home/sharepoint/.ssh
    2. Run the following command to create the file authorized_keys (if it does not already exist), and append the key text to it.
      # cat /opt/aspera/var/aspera_id_dsa.pub >> /home/sharepoint/.ssh/authorized_keys
    3. Run the following commands to change the directory and file's ownership to system user sharepoint, to allow access by the sharepoint group, and to set permission bits:
      # chown -R sharepoint:sharepoint /home/sharepoint/.ssh
      # chmod 600 /home/sharepoint/.ssh/authorized_keys
      # chmod 700 /home/sharepoint
      # chmod 700 /home/sharepoint/.ssh 
  5. Add the sharepoint system user as a transfer user to Enterprise/Connect Server.
    Note: This step can also be done by modifying aspera.conf, instead of using the application GUI. For details, see Setting Up Users.
    1. Launch the Enterprise Server desktop application as administrator, and click Configuration.


    2. In the Server Configuration dialog, select the Users tab. Then click the Add user button.


    3. In the Add User dialog that appears, type sharepoint and click OK. The system user sharepoint is then added to the user list.
  6. Specify a docroot for the new transfer user sharepoint.
    Still in the Server Configuration dialog, select the Users tab and do the following:
    1. Make sure sharepoint is selected in the user list.
    2. Open the Docroot tab in the right-hand panel.
    3. Set the following on the Docroot tab:
      Row               Override Setting      Effective Value Setting
      Absolute Path     selected (checked)    /Users/sharepoint/ or whatever location you created in Step 3
      Read Allowed      selected (checked)    true
      Write Allowed     selected (checked)    true
      Browse Allowed    selected (checked)    true
    Note: This step can also be done by modifying aspera.conf, instead of using the application GUI. For details, see Setting Up Users.
  7. Modify aspera.conf.

    The aspera.conf file is found in the following location:

    /opt/aspera/etc/aspera.conf

    Below is a typical aspera.conf file. Yours may differ, particularly if you have installed other Aspera products.
    1. Modify the following settings, as necessary:
      • <persistent_store>

        In the <central_server> section, find <persistent_store> and ensure that it is set to enable (the default value).

        This setting allows the retention of the historical transfer data that the stats collector uses.

      • <transfer> and <token>
        To enable token authorization for the transfer user, add an authorization section that includes:
        • a <transfer> section specifying that both incoming and outgoing transfers (in and out) should use token encryption
        • a <token> section with an encryption key, which is a string of random characters (at least 20 characters recommended).
        See the example below.
        Note: Alternatively, you can configure token-authorization settings in a <group> section to be applied to all users in the group. Or, you can configure the settings in the <default> section to apply them globally for all users.

        For additional details on configuring token authorization, see Setting Up Token Authorization.

      • <dir_allowed>

        In the <file_system> section, find <dir_allowed> and ensure that it is set to true.

      • <server_name>

        In the <server> section, find <server_name> and ensure that server_ip_or_name is replaced with the name or IP address of your server.

      <central_server>
          <persistent_store>enable</persistent_store>
      </central_server>
      ...
      <user>
          <name>sharepoint</name>
          <authorization>
              <transfer>
                  <in>
                      <value>token</value>
                  </in>
                  <out>
                      <value>token</value>
                  </out>
              </transfer>
              <token>
                  <encryption_key>gj5o930t78m34ejme9dx</encryption_key>
              </token>
          </authorization>
          <file_system>
              <access>
                  <paths>
                      <path>
                          <dir_allowed>true</dir_allowed>
                      </path>
                  </paths>
              </access>
          </file_system>
          ...
      </user>
      ...
      <server>
          <server_name>server_ip_or_name</server_name>
      </server>
    2. After any change to aspera.conf, you must restart the asperacentral and asperanoded services.
      # /etc/init.d/asperanoded restart
      # /etc/init.d/asperacentral restart
  8. Ensure that the firewall is set up correctly on your transfer server host.
    For details, see Configuring the Firewall.
  9. Verify your transfer server license.

    Verify that your transfer server license is Connect Server-enabled. (Aspera for SharePoint requires a Connect Server-enabled license.)

    To check this from the command line, run ascp -A and review the enabled settings list.

    For example:

    Enabled settings: connect, mobile, cargo, node, proxy, http_fallback_server, 
    group_configuration, shared_endpoints, desktop_gui

    If the list includes connect, you have a Connect Server-enabled license.

    You can also check the license from the Enterprise Server desktop client GUI. The License dialog (Tools > License) includes the Connect Clients Enabled field. If it is set to Yes, you have a Connect Server-enabled license.

    Because this Faspex configuration uses Enterprise Server as a remote transfer service, it requires the Aspera Node API. For this reason, whenever you update your Enterprise Server license (see Updating the Product License), you must reload the asperanoded service afterwards. Reload the asperanoded service by running asnodeadmin, found in the following location:

    # /opt/aspera/bin/asnodeadmin --reload 
  10. Set up a node user.

    A node user is the entity that Aspera's applications use for authentication between the Web application and the transfer server.

    1. Create a node user, and then associate it with the system user that you created and configured in previous steps.
      Run the asnodeadmin command to:
      • Create the node_sharepoint node user.
      • Assign a password of s3cur3_p433 to the node_sharepoint node user.
      • Associate the node_sharepoint node user with the sharepoint transfer user.
      # /opt/aspera/bin/asnodeadmin -a -u node_sharepoint -p s3cur3_p433 -x sharepoint
    2. Reload the asperanoded service.
      # /opt/aspera/bin/asnodeadmin --reload 
    3. Verify the node user.
      Run the asnodeadmin command to:
      • Verify that the node user was created.
      • Verify the association between the node user and the transfer user.
      # /opt/aspera/bin/asnodeadmin -l 

      The output for this command should resemble the following:

      List of node user(s):
                      user       system/transfer user                    acls
      ====================    =======================    ====================
            sharepointnode                 sharepoint    []
                    spnode              aspera_user_1    []
  11. Configure the Aspera for SharePoint application.

    Add the transfer server to your Aspera for SharePoint installation, mapping it to a document library. For details, see the IBM Aspera for Microsoft SharePoint Administrator's Guide at http://downloads.asperasoft.com/en/downloads/47.

    Note: The transfer server must be installed, configured, and running before you set up Aspera for SharePoint.
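
The permission settings from Step 4 and the token-authorization settings from Step 7 can be checked after setup with a script like the following, an added example that is not part of the Aspera documentation. The function names are hypothetical, GNU stat is assumed, and the token check looks at aspera.conf as a whole rather than per user.

```shell
#!/bin/sh
# Added example, not part of the Aspera documentation. Function names are
# hypothetical; the sample key is the one printed in Step 7 of this page.
# Assumes GNU coreutils stat (Linux transfer server host).

SAMPLE_KEY='gj5o930t78m34ejme9dx'   # example key from Step 7; never deploy it

# check_mode PATH MODE OWNER: succeed only if PATH has exactly that mode/owner.
check_mode() {
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    actual=$(stat -c '%a %U' "$1") || return 1
    [ "$actual" = "$2 $3" ] && return 0
    echo "$1: have '$actual', want '$2 $3'"
    return 1
}

# audit_ssh HOME OWNER: the three permission settings from Step 4.
audit_ssh() {
    rc=0
    check_mode "$1" 700 "$2" || rc=1
    check_mode "$1/.ssh" 700 "$2" || rc=1
    check_mode "$1/.ssh/authorized_keys" 600 "$2" || rc=1
    return "$rc"
}

# audit_token CONF: token authorization in both directions and a usable key.
# Checks the file as a whole; it does not separate <user> sections.
audit_token() {
    rc=0
    flat=$(tr -d ' \t\r\n' < "$1")      # drop whitespace so tags are adjacent
    for dir in in out; do
        case $flat in
            *"<$dir><value>token</value></$dir>"*) ;;
            *) echo "transfer/$dir is not set to token"; rc=1 ;;
        esac
    done
    key=$(printf '%s\n' "$flat" |
          sed -n 's:.*<encryption_key>\([^<]*\)</encryption_key>.*:\1:p')
    [ "${#key}" -ge 20 ] || { echo "encryption_key shorter than 20 characters"; rc=1; }
    [ "$key" != "$SAMPLE_KEY" ] || { echo "encryption_key is the documentation sample"; rc=1; }
    return "$rc"
}

# new_token_key: print 40 hex characters (160 random bits) for <encryption_key>.
new_token_key() {
    od -An -N20 -tx1 /dev/urandom | tr -d ' \n'
}
```

On the transfer server, run `audit_ssh /home/sharepoint sharepoint` and `audit_token /opt/aspera/etc/aspera.conf` as root; each prints one line per failed check and returns non-zero if any check fails.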