Configuring for Shares

The steps below show how to set up IBM Aspera Enterprise Server as a transfer server for IBM Aspera Shares. The procedure assumes you have already set up your Shares application. For general information on setting up a transfer server (using the Node API), see Set up for Node API.

  1. Install Enterprise/Connect Server.

    Follow the instructions in Installation and Upgrades to install Enterprise Server either locally (on the same host as Shares) or remotely.

    The steps below must be performed with administrator permissions.

  2. Create an Aspera transfer user.
    The Aspera transfer user authenticates the actual ascp transfer, and must be an operating system user on the node. If the operating system user does not exist, create the user.

    Create a user account—for example, aspera_user_1—on your operating system by clickingControl Panel > User Accounts. (Creating a user account requires administrator permissions.)

    Note: After creating a Windows user account, log in as that user as least once in order for Windows to set up the user's home folder—for example, C:\Users\aspera_user_1. Once the user's home folder has been created, log back in as an administrator and continue the steps below.

    Configure the operating system user in Enterprise Server to make it an Aspera transfer user. For instructions, see Setting Up Users.

    Note: The Aspera transfer user must have a docroot configured (see Document Root). After setting the user's docroot, restart the Node service, as described in Configuring the Server for the Node API.
  3. Configure the Aspera transfer user with a Node API username and password.
    Aspera's Web applications authenticate to the remote node service using a Node API username and password. The following command creates a Node API username and password, and associates it with a file transfer user, in this example aspera_user_1. Different nodes may use different Node API username-password pairs.
    > asnodeadmin -a -u node_api_username -p node_api_passwd -x aspera_user_1

    Adding, modifying, or deleting a node user triggers automatic reloading of the configuration and license files, as well as the user database.

  4. Copy the public key to the transfer user’s SSH file.

    For example, if the file transfer user is aspera_user_1, the standard location for the public key is in the user's home folder, as follows:

    C:\Users\aspera_user_1\.ssh\authorized_keys
    
    

    The Aspera-provided key file is located in:

    C:\Program Files [(x86)]\Aspera\Enterprise Server\var\aspera_tokenauth_id_rsa.pub
    
    

    Open a command prompt window and run the following commands to create the user's public key folder:

    > cd user_home_folder
    > md .ssh

    Use a text editor to create the following file (with no file extension), if the file does not already exist:

    user_home_folder\.ssh\authorized_keys

    Copy the contents of aspera_tokenauth_id_rsa.pub to the authorized_keys file. Update the folder permissions in Windows Explorer by right-clicking the .ssh folder, selecting Properties, and then selecting the Security tab. Here, you can set permissions to read, write, and execute (full control).



  5. (Optional) Change HTTPS port and/or SSL certificate.
    The Aspera Node API provides an HTTPS interface for encrypted communication between node machines (on port 9092, by default). To modify the HTTPS port, see Configuring the Server for the Node API. For information on maintaining and generating a new SSL certificate, see Setting up SSL for your Nodes.
  6. Configure server settings.
    In a Command Prompt window, run the following commands to set the server name with the name or IP address of your server, enable persistent storage (persistent storage is enabled by default), and enable HTTP and HTTPS:
    > asconfigurator -x "set_server_data;server_name,server_ip_or_name"
    > asconfigurator -x "set_central_server_data;persistent_store,enable"
    > asconfigurator -x "set_http_server_data;enable_http,true"
    > asconfigurator -x "set_http_server_data;enable_https,true"
  7. Enable token authorization for the transfer user.
    • From the Enterprise Server GUI: Click Configuration, select the transfer user, and click the Authorization tab. In the rows for Incoming Transfers and Outgoing Transfers, select the Override box, then select token from the dropdown menu under Effective Value. In the row for Token Encryption Key, select the Override box, then enter the encryption key in the field under Effective Value. The encryption key should be a string of random characters (at least 20 recommended). For illustrated instructions, see Setting Up Token Authorization.
    • Using the command line: In a Command Prompt window, run the following commands:
      > asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,token"
      > asconfigurator -x "set_user_data;user_name,username;authorization_transfer_in_value,token"
      > asconfigurator -x "set_user_data;user_name,username;token_encryption_key,encryption_key"
      The encryption key should be a string of random characters (at least 20 recommended).

    Alternatively, you can configure token-authorization settings to apply to all users in a group or to apply them globally for all users. For more information, see User, Group and Default Configurations.

  8. Restart Aspera Central and Aspera NodeD to activate your new configuration.

    You can restart the Aspera Central from the Computer Management window. Go to Control Panel > Administrative Tools > Computer Management > Services and Applications > Services, click Aspera Central, and click Restart.

    Go to Control Panel > Administrative Tools > Computer Management > Services and Applications > Services, click Aspera NodeD, and click Restart.

  9. Ensure that the firewall is set up correctly on your transfer server
    For details, see Configuring the Firewall.