Configuring for Aspera for SharePoint

IBM Aspera Enterprise Server must be configured to work as a transfer server for IBM Aspera for Microsoft SharePoint. These instructions assume that you have already set up your Microsoft SharePoint environment and configured (provisioned) it for SharePoint apps.
Note: In order to use IBM Aspera Enterprise Server as the transfer server for Aspera for SharePoint, you must run Enterprise Server on Windows 2012 or 2012 R2; or on Linux. Aspera recommends you run Enterprise/Connect Server on a Linux host.
The basic steps are:
  1. Install the transfer server.
  2. Create a system user on the transfer server host.
  3. Log in to the host as the system user.
  4. Create a folder to be the transfer user's docroot.
  5. Create the SSH key for the system user.
  6. Add the new system user as a transfer user to Enterprise/Connect Server.
  7. Specify a docroot for the new transfer user.
  8. Modify aspera.conf.
  9. Ensure that the firewall is set up correctly on your transfer server host.
  10. Verify your transfer server license.
  11. Set up a node user.
  12. Configure the Aspera for SharePoint application.

These steps are described in detail below.All steps must be performed with administrator permissions.

  1. Install the transfer server.
    If you haven't already, follow the steps in Installation and Upgrades to install Enterprise Server.

    The transfer server that you use with Aspera for SharePoint must be installed on a host separate from your Microsoft SharePoint environment hosts.

  2. Create a system user on the transfer server.
    The system user authenticates the actual ascp transfer and must be an operating system account.

    To create a new system user sharepoint on your Windows system, go to Control Panel > User Accounts. After adding the sharepoint user, change the user's password.

  3. Log in as the sharepoint system user.
    This creates the user profile folder for this user. For example, C:Users\sharepoint.

    Then log back in as administrator and continue the steps below.

  4. Create a folder to be the system user's docroot.
    This must be a location owned by the system user.

    You will use this location later in the configuration process, at Step 7.

  5. Create the .ssh folder and public key file for the system user.
    The standard location for the public key is in the user profile folder..

    The Aspera-provided key file is located in:

    C:\Program Files [(x86)]\Aspera\Enterprise Server\var\aspera_tokenauth_id_rsa.pub
    • Open a command prompt window and run the following commands to create the user's public key folder:
      > cd user_profile_folder
      > md .ssh
    • Use a text editor to create the following file (with no file extension), if the file does not already exist: users_home_folder\.ssh\authorized_keys
    • Copy the contents of aspera_tokenauth_id_rsa.pub to the authorized_keys file.
    • Update the permissions for the .ssh folder:

      In Windows Explorer, right-click the .ssh folder, and select Properties > Security. Set permissions to read, write, and execute (full control).

  6. Add the sharepoint system user as a transfer user to Enterprise/Connect Server.
    • Launch the Enterprise Server desktop application as administrator, and click Configuration.

      Click Configuration.

    • In the Server Configuration dialog, select the Users tab. Then click the Add user button.

      Add the user.

    • In the Add User dialog that appears, type sharepoint and click OK. The system user sharepoint is then added to the user list.
  7. Specify a docroot for the new transfer user sharepoint.
    Still in the Server Configuration dialog, select the Users tab and do the following:
    • Make sure sharepoint is selected in the user list.
    • Open the Docroot tab in the right-hand panel.
    • Set the following on the Docroot tab:
      Row Override Setting Effective Value Setting
      Absolute Path selected (checked) /Users/sharepoint/ or whatever location you created in Step 4
      ad Allowed selected (checked) true
      Write Allowed selected (checked) true
      Browse Allowed selected (checked) true
  8. Configure the server.
    In a Command Prompt window, run the following commands to set the server name with the name or IP address of your server, enable persistent storage (persistent storage is enabled by default), ensure the transfer user has browse privileges, and enable token authorization for the transfer user, and enable HTTP and HTTPS:
    > asconfigurator -x "set_server_data;server_name,server_ip_or_name"
    > asconfigurator -x "set_central_server_data;persistent_store,enable"
    > asconfigurator -x "set_user_data;username,username;dir_allowed,true"
    > asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,token"
    > asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,token"
    > asconfigurator -x "set_user_data;user_name,username;token_encryption_key,encryption_key"

    Alternatively, you can configure token-authorization settings to apply to all users in a group or to apply them globally for all users. For more information, see User, Group and Default Configurations.

  9. Restart the Aspera Central, Aspera NodeD, and Aspera HTTPD services to activate your configuration changes.

    You can restart the Aspera Central from the Computer Management window. Go to Control Panel > Administrative Tools > Computer Management > Services and Applications > Services, click Aspera Central, and click Restart.

    Go to Control Panel > Administrative Tools > Computer Management > Services and Applications > Services, click Aspera NodeD, and click Restart.

    Go to Control Panel > Administrative Tools > Computer Management > Services and Applications > Services, click Aspera HTTPD, and click Restart.

  10. Ensure that the firewall is set up correctly on your transfer server host.
    For details, see Configuring the Firewall.
  11. Verify your transfer server license is Connect-enabled.
    • From the command line: In a Command Prompt window, run the following command and inspect the output, which lists the enabled settings:
      > ascp -A
      Enabled settings: connect, mobile, cargo, node, proxy, http_fallback_server, 
      group_configuration, shared_endpoints, desktop_gui

      If the list includes connect, you have a Connect-enabled server license.

    • In the Enterprise Server GUI: Click Tools > License and if Connect Clients Enabled is set to Yes, then you have a Connect-enabled license.

    When you update your Enterprise Server license (see Updating the Product License), you must reload the asperanoded service afterwards by running the following command:

    > asnodeadmin --reload
  12. Configure the transfer user with a Node API username and password.
    • Run the asnodeadmin command to create the node_sharepoint node user, assign it a password, and associate it with the sharepoint transfer user:
      > asnodeadmin.exe -a -u node_sharepoint -p node_password -x sharepoint 
    • Reload the asperanoded service:
      > asnodeadmin.exe --reload 
    • Verify the node user. Run the following command:
      > asnodeadmin.exe -l 

      The output for this command should resemble the following:

      List of node user(s):
                      user       system/transfer user                    acls
      ====================    =======================    ====================
            sharepointnode                 sharepoint    []
                    spnode              aspera_user_1    []
  13. Configure the transfer server in the Aspera for SharePoint application.
    Add the transfer server to your Aspera for SharePoint installation, mapping it to a document library. For details, see the IBM Aspera for Microsoft SharePoint Administrator's Guide.
    Note: The transfer server must be installed, configured, and running before you configure it in Aspera for SharePoint.