Welcome to IBM Aspera Shares

IBM Aspera Shares is designed for companies that need to ingest or share content (files and directories of any size) in multiple locations, or across multiple servers at the same location. Content can be shared within the company, or with external customers and partners. A single web interface consolidates browsing across all shared content. A powerful and flexible security model is used to manage authorization, user management, and access control.

The Shares web application can be accessed with most standard web browsers. It provides secure access to a consolidated view of all available content, regardless of the location of that content. Your content can reside in “the cloud,” on premises, or both. The user display, navigation and behaviors are all the same. Aspera Shares lets you leverage the unlimited storage and computing capacity offered by the cloud and enables hybrid clouds by seamlessly tying together public and private storage.

Aspera Shares version 2

Aspera Shares version 2 is a major architectural advance extending Shares’ capabilities.

Shares version 2 supports grouping of users and Shares into Organizations, Teams, and Projects. Content sharing and managing rights can be delegated to authorized roles at each level providing added layers of security ensuring access to the right content by the right people. Access and permissions can be scoped by users and groups within organizations and projects.

Key Features of Shares

  • Nodes contain Shares. Shares contain files and directories.
  • Nodes can be assigned to organizations and projects. Shares can be assigned to projects.
  • Groups are created outside of Organizations (and projects). You cannot have two different groups with the same name.
  • Users can be added to Groups. Groups can be assigned rights that apply to all users, and Groups can be assigned to Organizations, Projects and Shares.
  • SAML and LDAP users can not be added to groups.
  • Users and Groups can be added to Teams. Teams can be given all the same access rights as groups.
  • SAML and LDAP users can be added to teams.
  • Each team resides within an organization. You can have two different, independent teams, with the same name, as long as they are in two different organizations.
  • Users, Teams, and Groups can be assigned administrative privileges.
  • Shares supports delegation of content sharing and managing rights to authorized roles at the organization and project levels.
  • Added layers of security to ensure right people have access to right content, by scoping of eligible users and groups to organizations and projects.
  • Administration of large user communities while supporting multiple authentication providers including SAML, OAUTH, LDAP, and the local user database.

Shares Key Concepts

The Shares application relies on a few key concepts. Each of these is further defined later:

  • Storage
    • A transfer server is an IBM Aspera server with storage attached.
    • An Aspera node is a transfer server that is accessible to the Shares application. Nodes contain shares. Nodes can be assigned to organizations and projects. Node access is controlled by the Shares system administrator. Organization administrators can make nodes available to their organizations and projects.
    • A share is a directory on a node. To be accessed, shares must be assigned to projects. (Shares are not assigned to Organizations.) Project admins with access and permissions to a node, can create more shares on it for their project. Project admins also control user and group access to the shares.
    • A folder (directory) lives on a share (or your local computer) and contains files.
  • Users, Groups, Teams, and Admins
    • Groups are collections of users. Groups are granted access and permissions to organizations, projects, and shares. Groups may also be assigned admin roles per entity they are assigned to, on a case-by-case basis. In which case, every member of that group becomes a system admin, organization admin, or project admin, depending on the resource they were granted permissions to.
    • Users are individuals, each with a unique login account. Users can be authorized on your Shares application using “local,” SAML, or Active directory/LDAP authentication. Users can be granted access and permissions to organizations, projects, and shares. Users can also be made administrators, including system administrators.
    • Teams are created within organizations. Teams include users and groups. Teams can be authorized as admins, to projects, and to shares.
    • There are three levels of admins, from most powerful to least they are system, organization, and project. Admins may selectively be given two additional permissions: “Can see all users,” and “Can see all nodes,” described below.
  • Organizations and Projects
    • Organizations can represent an entire company, an individual department, or other entity, depending on your needs. Organizations have users, groups and nodes assigned to them by the Shares application system admin. Organizations have admins that can create and manage projects within the organization. Organization admins can also assign users, groups, and nodes to the organization’s projects.
    • Projects are contained in organizations. You can have as many projects as you want in each organization. Users, groups, and shares can be assigned to projects. The project admins, and containing organization admins can manage project resources.
  • Available and Authorized
    • A resource is a Node, Share, Group, User, or Project.
    • A "container" is an Organization, Project, or Group.
    • A resource can be unavailable, available, or authorized to a container. For example an organization can have a Node, and a Group available to it.
    • Available means that the available resource can be authorized to that container by the appropriate administrators.
    • Authorized means that the resource is usable within the container. An authorized node is accessible to an Organization. An authorized share is accessible to all the members of a group that has access to a project.