Configuring for Faspex

The steps below describe configuring as the transfer server for IBM Aspera Faspex.

  1. Install Enterprise/Connect Server.
    If you haven't already, follow the steps in Standard Installation to install (the transfer server).

    The transfer server can be set up in either of the following configurations:

    • locally, on the same host as Faspex
    • remotely, on a separate host
    Note: For a local setup, most configuration is taken care of automatically when Faspex is installed in a later step. For this reason, Enterprise Server/Connect Server should be installed first.

    All steps must be performed as root.

  2. (Local Setup Only) Adjust aspera.conf settings if necessary.
    Open /opt/aspera/etc/aspera.conf and check the following:
    • In the <central_server> section, make sure <persistent_store> is set to enable (default value). This setting allows the retention of historical transfer data used by the stats collector.
    • Make sure that <dir_allowed> setting for the user faspex is set to true.
    If you change aspera.conf , you must restart asperacentral and asperanoded.Run the following commands:
    # /etc/init.d/asperanoded restart
    # /etc/init.d/asperacentral restart
    Note: If you are installing locally (on the same machine as Faspex), continue by installing Faspex as described in the Aspera Faspex Admin Guide.

    If you are setting up as a remote transfer server node, continue with the steps below.

  3. Create the system user on the transfer-server host.

    The system user authenticates the actual ascp transfer and must be an operating system account. Run the following commands to: (1) create the group faspex; (2) create the system user faspex; and (3) configure it to use the Aspera secure shell, aspshell.

    # /usr/sbin/groupadd -r faspex
    # /usr/sbin/useradd -r faspex -s /bin/aspshell-r -g faspex
  4. Create and configure the Faspex packages directory.

    Run the following commands to create the packages directory /home/faspex/faspex_packages:

    # mkdir -p /home/faspex/faspex_packages
    # chown -R faspex:faspex /home/faspex/faspex_packages 
  5. Add the faspex user to Enterprise/Connect Server.
    Launch the desktop application and click Configuration.
    Click the Configuration.

    In Server Configuration, open the Users tab. Then click the Add user button.



    In the Add User dialog that appears, fill in the name faspex and click OK; faspex is then added to the user list.

    To specify a docroot, make sure faspex is selected in the user list, and click the Docroot tab in the right panel. For the Absolute Path setting, check the Override box, and under Effective Value fill in /Users/faspex/faspex_packages. For the read, write, and browse settings, check the Override boxes and select true.

    You can also add and configure the faspex user for by modifying aspera.conf, instead of using the application GUI. For details, see Setting Up Users.

  6. Modify aspera.conf.
    The aspera.conf file is found in the following location:
    /opt/aspera/etc/aspera.conf

    Below is a typical aspera.conf file. Yours may differ, particularly if you have installed other Aspera products. Copy any absent portions from the example below. Modify the following settings, as necessary:

    • Add the Faspex package directory as a docroot. In the file below, look for the <absolute> tag to see how the docroot has been defined in this installation, and adjust yours accordingly.
    • In the <server_name> field, and ensure that server_ip_or_name has been replaced with the name or IP address of your server.
    • In the <central_server> section, confirm that <persistent_store> is set to enable (the default value).
    • Confirm that the <dir_allowed> setting for the faspex user is set to true.

    <?xml version='1.0' encoding='UTF-8'?>
    <CONF version="2"> 
    
    <central_server>
      <address>127.0.0.1</address>
      <port>40001</port>
      <compact_on_startup>enable</compact_on_startup>
      <persistent_store>enable</persistent_store>
      <persistent_store_on_error>ignore</persistent_store_on_error>
      <persistent_store_max_age>86400</persistent_store_max_age>
      <event_buffer_overrun>block</event_buffer_overrun>
    </central_server>
    <default>
      <file_system>
        <pre_calculate_job_size>yes</pre_calculate_job_size>
      </file_system>
    </default>
    <aaa>
      <realms>
        <realm>
          <users>
            <user>
              <name>faspex</name>
              <file_system>
                <access>
                  <paths>
                    <path>
                      <absolute>/home/faspex/faspex_packages</absolute>
                      <show_as>/</show_as>
                      <dir_allowed>true</dir_allowed>
                    </path>
                  </paths>
                </access>
                <directory_create_mode>770</directory_create_mode>
                <file_create_mode>660</file_create_mode>
              </file_system>
              <authorization>
                <transfer>
                  <in>
                    <value>token</value>
                  </in>
                  <out>
                    <value>token</value>
                  </out>
                </transfer>
                <token>
                  <encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key>
                </token>
              </authorization>
            </user>
          </users>
        </realm>
      </realms>
    </aaa>
    <http_server>
      <http_port>8080</http_port>
      <enable_http>1</enable_http>
      <https_port>8443</https_port>
      <enable_https>1</enable_https>
    </http_server>
    <server>
      <server_name>server_ip_or_name</server_name>
    </server>
    </CONF>

    After modifying aspera.conf, restart the asperacentral and asperanoded services by running the following commands:

    # /etc/init.d/asperacentral restart
    # /etc/init.d/asperanoded restart
  7. Verify that you have a valid Faspex-enabled transfer server license installed.
    To check this from the command line, run ascp -A and review the enabled settings list. For example:
    Enabled settings: connect, mobile, cargo, node, proxy, http_fallback_server, 
    group_configuration, shared_endpoints, desktop_gui

    If the list includes connect and http_fallback_server, you have a Faspex-enabled server license.

    You can also check the license from the desktop client GUI. Click Tools > License and if Connect Clients Enabled and Http Fallback Server Enabled are set to Yes, you have a Faspex-enabled license.

    If you update your license (see Updating the Product License), you must reload the asperanoded service afterwards. Reload the asperanoded service by running the following command:

    # /opt/aspera/bin/asnodeadmin --reload 
  8. Set up the node user.

    Set up the node user and associate it with the faspex user by running the asnodeadmin command, as in the following example in which node-admin is the node user, s3cur3_p433 is the node user's password, and faspex is the system user. Then run asnodeadmin again to reload asperanoded.

    # /opt/aspera/bin/asnodeadmin -a -u node-admin -p s3cur3_p433 -x faspex
    # /opt/aspera/bin/asnodeadmin --reload 
  9. Install the Connect key.
    Locate your Connect key:
     /opt/aspera/var/aspera_tokenauth_id_rsa.pub

    Create a .ssh folder (if it does not already exist) in the faspex user's home directory by running the following command:

    # mkdir -p /home/faspex/.ssh

    Run the following commands to create the keyfile authorized_keys (if it does not already exist), and append the key text to it:

    # cat /opt/aspera/var/aspera_tokenauth_id_rsa.pub >> /home/faspex/.ssh/authorized_keys

    Run the following commands to change the key directory and keyfile's ownership to the faspex user, to allow access by the faspex group, and to set permission bits:

    # chown -R faspex:faspex /home/faspex/.ssh/authorized_keys
    # chmod 600 /home/faspex/.ssh/authorized_keys
    # chmod 700 /home/faspex
    # chmod 700 /home/faspex/.ssh
  10. Ensure the firewall is set up correctly on your transfer server.
    For details, see Configuring the Firewall.
  11. Configure your remote transfer server in the Faspex Web GUI.
    Follow the instructions in Aspera Faspex Admin Guide: Transfer Server for configuring your remote transfer server in the Faspex Web GUI underServer > File Storage.