Configuring a Remote Transfer-Server Node

Follow the steps below to set up a remote transfer-server node for IBM Aspera Faspex on Demand.

Important: Note that all steps must be performed on the remote machine (transfer server), as the root user.
  1. Set up the Node API.
    The Node API must be set up in IBM Aspera Faspex on Demand for Faspex to communicate with the remote machine. Refer to the Node API Setup section in the Managing the Node API section of the IBM Aspera Enterprise Server Administrator's Guide for instructions on how to set up the Node API in Enterprise Server.
  2. Create the system user "faspex".

    This is the user who authenticates the actual ascp transfer, and must be an operating system account. Run the following commands to create the system user "faspex."

    # /usr/sbin/groupadd -r faspex
    # /usr/sbin/useradd -r faspex -s /bin/aspshell-r -g faspex
  3. Create and configure the faspex package directory.
    Run the following commands to configure the Faspex directory /home/faspex/ and the faspex_packages subdirectory:
    # mkdir -p /home/faspex/faspex_packages
    # chown faspex:faspex /home/faspex/
    # chown faspex:faspex /home/faspex/faspex_packages 
  4. Configure aspera.conf.

    Add the faspex package directory as a docroot in aspera.conf. The aspera.conf file can be found in the following location:

    /opt/aspera/etc/aspera.conf

    Below is a typical Faspex aspera.conf file. Yours may differ, particularly if you have installed other Aspera products. Modify the following, as necessary:

    • In the file below, look for the <absolute> tag to see how the docroot has been defined in this installation, and adjust yours accordingly.
    • Look for the <server_name> tag below, and ensure that SERVER_IP_OR_NAME has been replaced with the name or IP address of your server.
    • In the <central_server> section, set <persistent_store> to enable as shown below. Faspex 3.5+ requires persistent storage to be enabled. By default, <persistent_store> is disabled (not set).
    <?xml version='1.0' encoding='UTF-8'?>
    <CONF version="2"> 
    
    <central_server>
      <address>127.0.0.1</address>
      <port>40001</port>
      <compact_on_startup>enable</compact_on_startup>
      <persistent_store>enable</persistent_store>
      <persistent_store_on_error>ignore</persistent_store_on_error>
      <persistent_store_max_age>86400</persistent_store_max_age>
      <event_buffer_overrun>block</event_buffer_overrun>
    </central_server>
    <default>
      <file_system>
        <pre_calculate_job_size>yes</pre_calculate_job_size>
      </file_system>
    </default>
    <aaa>
      <realms>
        <realm>
          <users>
            <user>
              <name>faspex</name>
              <file_system>
                <access>
                  <paths>
                    <path>
                      <absolute>/home/faspex/faspex_packages</absolute>
                      <show_as>/</show_as>
                      <dir_allowed>true</dir_allowed>
                    </path>
                  </paths>
                </access>
                <directory_create_mode>770</directory_create_mode>
                <file_create_mode>660</file_create_mode>
              </file_system>
              <authorization>
                <transfer>
                  <in>
                    <value>token</value>
                  </in>
                  <out>
                    <value>token</value>
                  </out>
                </transfer>
                <token>
                  <encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key>
                </token>
              </authorization>
            </user>
          </users>
        </realm>
      </realms>
    </aaa>
    <http_server>
      <http_port>8080</http_port>
      <enable_http>1</enable_http>
      <https_port>8443</https_port>
      <enable_https>1</enable_https>
    </http_server>
    <server>
      <server_name>SERVER_IP_OR_NAME</server_name>
    </server>
    </CONF>

    After modifying aspera.conf, restart Aspera Central and Aspera NodeD services.

    # /etc/init.d/asperacentral restart
    # /etc/init.d/asperanoded restart
  5. Verify you have installed a valid license on your transfer server.

    If you need to update your transfer server license (by following the instructions in the Updating Product License section of the Enterprise Server Admin Guide), you must reload the asperanoded service afterwards. Reload the asperanoded service by running asnodeadmin.exe, found in the following location:

    # /opt/aspera/bin/asnodeadmin --reload 
  6. Set up the node user.

    Run the following commands to set up the node user (where "node-admin" is the node user, "s3cur3_p433" is his password and "faspex" is the system user), and then reload asperanoded.

    # /opt/aspera/bin/asnodeadmin -a -u node-admin -p s3cur3_p433 -x faspex
    # /opt/aspera/bin/asnodeadmin --reload 
  7. Install the IBM Aspera Connect Browser Plug-in key.

    First, locate your Connect Browser Plug-in key as follows:

    /opt/aspera/var/aspera_id_dsa.pub
    Then, run the following commands to create a .ssh folder (if it does not already exist) in the faspex user's home directory:
    # mkdir -p /home/faspex/.ssh
    Run the following commands to create the keyfile authorized_keys (if it does not already exist), and append the key text to it:
    # cat /opt/aspera/var/aspera_id_dsa.pub >> /home/faspex/.ssh/authorized_keys
    Run the following commands to change the key directory and keyfile's ownership to the faspex user and set permission bits:
    # chown faspex:faspex /home/faspex/.ssh  
    # chown faspex:faspex /home/faspex/.ssh/authorized_keys
    # chmod 600 /home/faspex/.ssh/authorized_keys
    # chmod 700 /home/faspex
    # chmod 700 /home/faspex/.ssh
  8. Configure your remote transfer server in the Faspex Web GUI.

    Follow the instructions in the topic "Configuring a Remote Server in Faspex for configuring your remote transfer server in the Faspex Web GUI (Server > File Storage).