Server Setup in IBM Cloud Object Storage (COS) - S3

With an Aspera entitlement, an Aspera server can be installed on an instance in IBM Cloud Object Storage (COS) - S3 and run as a self-managed server that enables high-speed transfers with your IBM COS - S3 storage.

Deployment considerations

  • If IBM COS - S3 is on-premises, the Aspera transfer server must also be on-premises. If IBM COS - S3 is in the cloud, the Aspera transfer server must be in the same region.
  • On-premises, IBM COS - S3-based HST Server does not have a direct connection to cloud-based IBM COS - S3 storage. Use the IBM Aspera on Cloud transfer service to connect on-premises storage with cloud storage.
Note:

Prerequisites:

  • You have an IBM Cloud account.
  • You have a vault and know your access id and password.
  • You have installed an Aspera transfer server on a VM instance in IBM Cloud.
  • You can log into your VM instance with root privileges.
  • Your instance's Linux Kernel is 2.6.34 or higher. Run the following command to confirm:
    $ uname -a
  • Your local and cloud firewalls allow FASP-required connections (TCP/22, TCP/33001, UDP/33001).
  1. If IBM COS - S3 is in the Cloud, connect to your server through SSH and elevate to the root user. 
    # ssh -i identity_file -p 33001 user@host_ip_address
#  su -
  2. Set the transfer user's docroot. 
    # asconfigurator -x "set_user_data;user_name,username;absolute,docroot"
    Where docroot has the following syntax:
    s3://access_id:secret_key@accessor_endpoint/vault_name
  3. Open /opt/aspera/etc/trapd/s3.properties for editing.
    1. Disable retrieving the vault location.
      IBM COS - S3 does not support retrieving the vault location, so this feature must be disabled. Find the line #aspera.session.check-bucket.transfer=true, uncomment it, and change the value to false. For example:
      #Whether to check against cross-region transfers
#Default is true
aspera.session.check-bucket.transfer=false
    2. Disable using vault names in request hostnames.
      Using vault names in requests does not work if DNS is not configured. To disable the use of vault names in the request hostname, find the line #s3service.disable-dns-buckets=false, uncomment the line, and change the value to true. For example:
      #Disable use of bucket name in request hostname.
#Default (and recommended) is false
s3service.disable-dns-buckets=true
    3. Disable the unsupported x-amz-acl header.
      Find the line #aspera.s3session.x-amz-acl.enabled=true, uncomment the line, and change the value to false. For example:
      #Enable/disable setting the header "x-amz-acl: private".
...
aspera.s3session.x-amz-acl.enabled=false
    4. Save your changes and close the file.
  4. Enable the Trapd service. 
    # /opt/aspera/bin/astrap-config.sh enable
  5. Restart Trapd to activate your changes. 
    # systemctl asperatrapd restart