|Configuring for Other Aspera Products|
The steps below show how to set up IBM Aspera Enterprise Server as a transfer server for IBM Aspera Shares. The procedure assumes you have already set up your Shares application. For general information on setting up a transfer server (using the Node API), see Managing the Node API.
Follow the instructions in Standard Installation to install Enterprise Server either locally (on the same host as Shares) or remotely.
The steps below must be performed as root.
Aspera's Web applications authenticate to the remote node service using a Node API username and password. The following command creates a Node API user/password and associates it with a file transfer user, aspera_user_1, which you will create in the next step. The Node API credentials can then be used to create nodes. Note that different nodes may use different Node API username/password pairs.
# /opt/aspera/bin/asnodeadmin -a -u node_api_username -p node_api_passwd -x aspera_user_1
The file transfer user authenticates the actual ascp transfer, and must be an operating system account on the node. To create a transfer user—for example, aspera_user_1—run the following command:
# useradd aspera_user_1
After you've created the operating system account, set up this user in Enterprise Server. For instructions on setting up a user, see Setting Up Users.
For example, if the file transfer user is aspera_user_1, the standard location for the public key is in the user's home directory, as follows: C:\Users\aspera_user_1\.ssh\authorized_keys
The Aspera-provided key file is located in:
On the command line, run the following to create the user's public key folder (if it does not already exist):
# mkdir /home/aspera_user_1/.ssh
Run the following commands to create the keyfile authorized_keys (if it does not already exist), and append the key text to it. Update the directory permissions and ownership if necessary.
# cat /opt/aspera/var/aspera_id_dsa.pub >> /home/aspera_user_1/.ssh/authorized_keys
Run the following commands to change the key directory and keyfile's ownership to user aspera_user_1, to allow access by the aspera_user_1 group, and to set permission bits:
# chown -R aspera_user_1:aspera_user_1 /home/aspera_user_1/.ssh/authorized_keys # chmod 600 /home/aspera_user_1/.ssh/authorized_keys # chmod 700 /home/aspera_user_1 # chmod 700 /home/aspera_user_1/.ssh
Make the following changes in the aspera.conf file, located in /opt/aspera/etc:
<central_server> <persistent_store>enable</persistent_store> </central_server> <server> <server_name>server_ip_or_name</server_name> </server> <http_server> <http_port>8080</http_port> <enable_http>1</enable_http> <https_port>8443</https_port> <enable_https>1</enable_https> </http_server>
Whenever you change these settings, you must restart asperacentral and asperanoded.
# /etc/init.d/asperanoded restart # /etc/init.d/asperacentral restart
If you haven't done so already, set up the transfer user with an SSH public key as described in Setting Up Token Authorization.
In your aspera.conf file, add an authorization section for a transfer user as shown for the user aspera_user_1 in the example below. The authorization section should specify the following:
<user> <name>aspera_user_1</name> <authorization> <transfer> <in> <value>token</value> </in> <out> <value>token</value> </out> </transfer> <token> <encryption_key>gj5o930t78m34ejme9dx</encryption_key> </token> </authorization> <file_system> ... ... </file_system> </user>
Alternatively, you can configure token-authorization settings in a <group> section to be applied to all users in the group. Or, you can configure the settings in the <default> section to apply them globally for all users.
For additional details on configuring token authorization, see Setting Up Token Authorization.