Setting up a Remote Server

Steps on setting up a remote transfer-server node for Aspera^® Faspex™.

1. Create the system user.

   This is the user who authenticates the actual ascp transfer, and must be an operating system account. Run the following commands to create the system user "faspex."

   # /usr/sbin/groupadd -r faspex
   # /usr/sbin/useradd -r faspex -s /bin/aspshell-r -g faspex

2. Create and configure the faspex package directory.

   Run the following commands to configure the Aspera Faspex directory /home/faspex/ and the faspex_packages subdirectory:

   # mkdir -p /home/faspex/faspex_packages
   # chown faspex:faspex /home/faspex/
   # chown faspex:faspex /home/faspex/faspex_packages 

3. Modify aspera.conf.

   Add the faspex package directory as a docroot in aspera.conf. The aspera.conf file can be found in the following location:

   /opt/aspera/etc/aspera.conf

   Below is a typical Aspera Faspex aspera.conf file. Yours may differ, particularly if you have installed other Aspera products. Modify the following, as necessary:

   • In the file below, look for the <absolute> tag to see how the docroot has been defined in this installation, and adjust yours accordingly.
   • Look for the <server_name> tag below, and ensure that SERVER_IP_OR_NAME has been replaced with the name or IP address of your server.
   • In the <central_server> section, set <persistent_store> to enable as shown below. Aspera Faspex 3.5+ requires persistent storage to be enabled. By default, <persistent_store> is disabled (not set).

   <?xml version='1.0' encoding='UTF-8'?>
   <CONF version="2"> 
   
   <central_server>
     <address>127.0.0.1</address>
     <port>40001</port>
     <compact_on_startup>enable</compact_on_startup>
     <persistent_store>enable</persistent_store>
     <persistent_store_on_error>ignore</persistent_store_on_error>
     <persistent_store_max_age>86400</persistent_store_max_age>
     <event_buffer_overrun>block</event_buffer_overrun>
   </central_server>
   <default>
     <file_system>
       <pre_calculate_job_size>yes</pre_calculate_job_size>
     </file_system>
   </default>
   <aaa>
     <realms>
       <realm>
         <users>
           <user>
             <name>faspex</name>
             <file_system>
               <access>
                 <paths>
                   <path>
                     <absolute>/home/faspex/faspex_packages</absolute>
                     <show_as>/</show_as>
                     <dir_allowed>true</dir_allowed>
                   </path>
                 </paths>
               </access>
               <directory_create_mode>770</directory_create_mode>
               <file_create_mode>660</file_create_mode>
             </file_system>
             <authorization>
               <transfer>
                 <in>
                   <value>token</value>
                 </in>
                 <out>
                   <value>token</value>
                 </out>
               </transfer>
               <token>
                 <encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key>
               </token>
             </authorization>
           </user>
         </users>
       </realm>
     </realms>
   </aaa>
   <http_server>
     <http_port>8080</http_port>
     <enable_http>1</enable_http>
     <https_port>8443</https_port>
     <enable_https>1</enable_https>
   </http_server>
   <server>
     <server_name>SERVER_IP_OR_NAME</server_name>
   </server>
   </CONF>

   After modifying aspera.conf, restart Aspera Central and Aspera NodeD services.

   # /etc/init.d/asperacentral restart
   # /etc/init.d/asperanoded restart

4. Verify your transfer server license.

   Verify that you have installed a valid Aspera Faspex license on your transfer server. If you need to update your transfer server license (by following the instructions in your server guide), you must reload the asperanoded service afterwards. Reload the asperanoded service by running asnodeadmin.exe, found in the following location:

   # /opt/aspera/bin/asnodeadmin --reload 

5. Set up the node user.

   Run the following commands to set up the node user (where "node-admin" is the node user, "s3cur3_p433" is his password and "faspex" is the system user), and then reload asperanoded.

   # /opt/aspera/bin/asnodeadmin -a -u node-admin -p s3cur3_p433 -x faspex
   # /opt/aspera/bin/asnodeadmin --reload 

6. Install the Aspera Connect™ key.

   First, locate your Aspera Connect key as follows:

   /opt/aspera/var/aspera_id_dsa.pub

   Then, run the following commands to create a .ssh folder (if it does not already exist) in the faspex user's home directory:

   # mkdir -p /home/faspex/.ssh

   Run the following commands to create the keyfile authorized_keys (if it does not already exist), and append the key text to it:

   # cat /opt/aspera/var/aspera_id_dsa.pub >> /home/faspex/.ssh/authorized_keys

   Run the following commands to change the key directory and keyfile's ownership to the faspex user and set permission bits:

   # chown faspex:faspex /home/faspex/.ssh  
   # chown faspex:faspex /home/faspex/.ssh/authorized_keys
   # chmod 600 /home/faspex/.ssh/authorized_keys
   # chmod 700 /home/faspex
   # chmod 700 /home/faspex/.ssh

7. Configure your remote transfer server in the Aspera Faspex Web GUI.

   Follow the instructions in the topic "Transfer Server" for configuring your remote transfer server in the Aspera Faspex Web GUI (Server > File Storage).