Configuring a Remote Transfer Node for Faspex

Faspex communicates with a transfer server product (IBM Aspera Enterprise Server or IBM Aspera Connect Server) using the Node API, a daemon on the transfer server that offers REST-inspired file operations and a transfer management API. A local, remote, or cloud system installed with a transfer server is called an Aspera node. Faspex can access a local node or a transfer node remotely via the Node API.

The following instruction assume you have already installed Enterprise Server with a Connect Server license on the remote server.
Important: All steps must be performed as the root user.
  1. Create the system user faspex.
    The faspex user authenticates the actual ascp transfer and must be an operating system account.

    Run the following commands to create the system user faspex.

    # groupadd -r faspex
    # useradd -r faspex -s /bin/aspshell -r -g faspex
  2. Create and configure the faspex_packages directory.
    Run the following commands to create faspex_packages directories and configure the faspex user directories:
    # mkdir -p /home/faspex/faspex_packages
    # chown faspex:faspex /home/faspex/
    # chown faspex:faspex /home/faspex/faspex_packages 
  3. Configure aspera.conf using the asconfigurator command.
    • Set the Faspex package directory as the faspex user's docroot in aspera.conf:
      asconfigurator -x "set_user_data;user_name,faspex;absolute,/home/faspex/faspex_packages"
    • Set the server hostname with your server's IP address or domain name:
      asconfigurator -x "set_server_data;server_name,hostname_or_IP"
      For example, if your IP address is 198.51.100.24, run the following command:
      asconfigurator -x "set_server_data;server_name,198.51.100.24"
    • Set an encryption key:
      asconfigurator -x "set_user_data;user_name,faspex;token_encryption_key,encryption_key"
      For example:
      asconfigurator -x "set_user_data;user_name,faspex;token_encryption_key,de905198-73b7-4f3c-b125-ffd76f29dc4d"
    • Configure file and directory create modes. These create modes determine the permissions given the files and directories created on the node. Aspera recommends using the values in the following commands:
      asconfigurator -x "set_node_data;file_create_mode,770"
      asconfigurator -x "set_user_data;user_name,faspex;file_create_mode,660"
      asconfigurator -x "set_user_data;user_name,faspex;directory_create_mode,770"
  4. Enable HTTP and HTTPS fallback.
    The fallback settings on the node must match the fallback settings on Faspex. If the settings don't match, Faspex returns a "Package creation failed" error. Set the HTTP and HTTPS ports to the ports you configured in Faspex. For more information about HTTP fallback, see Configuring HTTP and HTTPS Fallback
    asconfigurator -x "set_http_server_data;enable_http,true"
    asconfigurator -x "set_http_server_data;http_port,8080"
    asconfigurator -x "set_http_server_data;enable_https,true"
    asconfigurator -x "set_http_server_data;https_port,8443"
    Restart the asperahttpd service.
    service asperahttpd restart
  5. After modifying aspera.conf, restart Aspera Central and Aspera NodeD services.
    # service asperacentral restart
    # service asperanoded restart
  6. Run the following command to validate your aspera.conf file:
    # /opt/aspera/bin/asuserdata -v
  7. Add a node user associated with the system user.
    Faspex authenticates to the node machine using a Node API username and password. The following command creates a Node API user and password and associates it with the system user you created.
    # /opt/aspera/bin/asnodeadmin -a -u node_username -p node_password -x faspex
    For example:
    # /opt/aspera/bin/asnodeadmin -a -u faspex_node_user -p ********* -x faspex
    Adding, modifying, or deleting a node-user triggers automatic reloading of the user database and the node's configuration and license files.
  8. Verify that you correctly added the node user.
    # /opt/aspera/bin/ asnodeadmin.exe -l
    The output from the example in the previous step should look like the following:
                    user       system/transfer user                    acls
    ====================    =======================    ====================
        node_faspex_user                     faspex    []
  9. Verify you have installed a valid license on your transfer server. Run the ascp -A command and review the enabled settings list. For example:
    Enabled settings: connect, mobile, cargo, node, proxy, http_fallback_server, 
    group_configuration, shared_endpoints, desktop_gui
    If the list includes connect and http_fallback_server, you have a Faspex-enabled server license. If you do not see those settings, follow the instructions in the Updating the Product License topic in the Enterprise Server Admin Guide.
    Note: If you updated your transfer server license, you must restart the asperanoded service afterwards.
    # service asperanoded restart
  10. Install the IBM Aspera Connect Browser Plug-in key.

    First, locate your Connect Browser Plug-In key in the following location:

    /opt/aspera/var/aspera_id_dsa.pub

    Then, run the following commands to create a .ssh folder (if it does not already exist)in the faspex user's home directory:
    # mkdir -p /home/faspex/.ssh
    Run the following commands to create the keyfile authorized_keys (if it does not already exist) and append the key text to it:
    # cat /opt/aspera/var/aspera_id_dsa.pub >> /home/faspex/.ssh/authorized_keys
    Run the following commands to change the key directory and keyfile's ownership to the faspex user and set permission bits:
    # chown faspex:faspex /home/faspex/.ssh  
    # chown faspex:faspex /home/faspex/.ssh/authorized_keys
    # chmod 700 /home/faspex/.ssh
    # chmod 600 /home/faspex/.ssh/authorized_keys
The remote transfer node is now configured to work with Faspex. If you have not yet installed Faspex, see Installing Faspex with a Local Node. Otherwise, for instructions on adding this node to Faspex, see Configuring a Remote Server in Faspex.