Parent topic: Appendix
Appendix

Note on Encryption at Rest

Details about the Aspera® Faspex Server™ EAR setting

As described in Security, the Use Encryption-at-Rest checkbox setting--when enabled--requires users, on upload, to enter a password to encrypt the files on the server. Package recipients will be required to enter the password to decrypt protected files as they are being downloaded. If a user elects to keep downloaded files encrypted, then they do not need to enter a password until they attempt to decrypt the files locally. Encryption-at-Rest is supported by the Aspera Connect™ Browser Plug-in, starting with Version 2.2.0. To ensure that encryption and decryption occur, log in to your Aspera Faspex Server GUI, select Server > Configuration > Transfers and scroll down to the Aspera Connect Version section. Please mark the Enforce minimum version checkbox and specify "2.2.0" or higher in the Version field.

Important:

The Use Encryption-at-Rest feature is not fully enforced unless the Aspera Faspex Server Administrator also updates the aspera.conf configuration file (which is not automatically modified by Aspera Faspex). The Administrator may update aspera.conf manually or through the Aspera Enterprise Server™ GUI (please refer to http://www.asperasoft.com/en/documentation/1 for details on the GUI). Within aspera.conf, the Content Protection Required and Content Protection Strong Password Required must be enabled.

The following code block demonstrates manually updating aspera.conf:

<transfer>
...
 <encryption>
    <content_protection_strong_pass_required>  <!--Strong Password Required for Content Protection-->
       true
    </content_protection_strong_pass_required>
    <content_protection_required>              <!--Content Protection Required-->
       true
    </content_protection_required>
	... 
 </encryption>
... 
</transfer>
Important:

The Aspera HTTP Fallback Server provides a secondary transfer method for clients that don't have the Internet connectivity required for Aspera accelerated transfers (By default, UDP port 33001). When UDP connectivity is lost or cannot be established, the transfer will be continued over the HTTP protocol. If transfer encryption is enabled, the transfer will continue over HTTPS. For details on configuring HTTP Fallback for Aspera Faspex Server, please refer to Configuring HTTP and HTTPS Fallback.

Parent topic: Appendix