Parent topic: Installing Faspex
Installing Faspex

Preparing Your System for Installation

Before beginning the installation process for Faspex, you must be logged into your computer as an admin (or domain admin if you are in an Active Directory environment).
Warning: Due to incompatible common components, IBM Aspera Console and IBM Aspera Faspex cannot be installed on the same machine. Aspera does not support this combination. If you are running an older version of Faspex and Console on the same machine, contact Technical Support to move one of the applications to another system.
Make sure you have taken the following steps to prepare your system and to ensure that installation goes smoothly.
  1. Determine whether Faspex has a domain name.

    Aspera recommends creating a domain name for Faspex. If Faspex is configured to identify itself by IP address (rather than by domain name), then the URLs in your notification emails contain an IP address (for example, "https://10.0.0.1/aspera/faspex"). Some Web-based email services (such as Yahoo or Ymail, and Hotmail) have been known to automatically flag emails containing IP address links as "Spam," and move them to your Junk/Spam folder. If you do not have a domain name immediately available, then you can first configure Faspex with an IP address and then change it to use a domain name later.

    If you know that you will not be setting up a domain name, make sure that users add your Faspex "From" email address (for example, admin@faspex.example.com) to their address book or contact list. Doing so typically "white-lists" the address so that emails from Faspex are not automatically flagged and routed the Junk/Spam folder.

    CAUTION:
    Do not configure Faspex to use a domain name or hostname that contains underscore characters. Doing so could prevent you from logging into the server or cause other connectivity problems. Internet standards for domain names and hostnames do not support underscore characters.
  2. Upgrade Windows Installer to version 4 or higher.
    The Faspex installer requires Windows Installer version 4+ for successful configuration. You may download the latest version of Windows Installer from the Microsoft website.
  3. Download the latest Aspera installers.

    Download the latest version of IBM Aspera Enterprise Server, and IBM Aspera Faspex installers from the following locations:

    You are required to enter your organization's Aspera login credentials to gain access. If you need help determining your organization's access credentials, contact your Aspera account manager.

  4. Install Enterprise Server with a Connect server license.

    For instructions on installing your software and license, follow the steps in the IBM Aspera Enterprise Server or IBM Aspera Connect Server Admin Guide.

    The transfer server can be set up in either of the following configurations:

    • Locally, on the same host as Faspex
    • Remotely, on a separate host
    In the aspera.conf file (/opt/aspera/etc/aspera.conf) check the following:
    • Look for <persistent_store> in the <central_server> section, and be sure that it is set to enable (default value). This setting allows the retention of historical transfer data used by the stats collector.
    • Look for the <dir_allowed> setting for the faspex user, and ensure that it's set to true (default value).

    If you change settings, you must restart asperacentral and asperanoded. You can restart these services from the Windows Computer Management window, accessible from Manage > Services and Applications > Services. Right-click the service and select Restart from the menu.

  5. Secure your SSH server.
    An Aspera server runs one SSH server on a configurable TCP port (33001 by default).

    Your firewall should be configured as follows:

    • To ensure that your server is secure, Aspera strongly recommends allowing inbound connections for SSH on TCP/33001 (or on another non-default, configurable TCP port), and disallowing inbound connections on TCP/22. If you have a legacy customer base utilizing TCP/22, then you can allow inbound connections on both ports.
    • Allow inbound connections for FASP transfers, which use UDP/33001 by default, although the server may also choose to run FASP transfers on another port.
    • If you have a local firewall on your server (such as Windows Firewall), verify that it is not blocking your SSH and FASP transfer ports (TCP/UDP 33001).
    • For the Faspex web interface, allow inbound connections for HTTP and/or HTTPS Web access (TCP/80, TCP/443).

    The firewall on the server side must allow the open TCP port to reach the Aspera server. No servers listen on UDP ports. When a transfer is initiated by an Aspera client, the client opens an SSH session to the SSH server on the designated TCP port and negotiates the UDP port for the data transfer.

    For Aspera servers that have multiple concurrent clients, the Windows operating system does not allow the Aspera FASP protocol to reuse the same UDP port for multiple connections. Thus, if you have multiple concurrent clients and your Aspera server runs on Windows, then you must allow inbound connections on a range of UDP ports, where the range of ports is equal to the maximum number of concurrent FASP transfers expected. These UDP ports should be opened incrementally from the base port, which is UDP/33001, by default. For example, to allow 10 concurrent FASP transfers, allow inbound traffic from UDP/33001 to UDP/33010.

You are now ready to install Faspex on your server. If you installed Enterprise Server on a remote host, follow the instructions in Installing Faspex with a Remote Node. Otherwise, follow the instructions in Installing Faspex with a Local Node.
Parent topic: Installing Faspex