Secure Incoming and Outgoing Transfers

This section describes how to configure IBM Aspera Faspex on Demand to deny all transfers except for ones initiated by or sent to permitted users. This is accomplished by updating the Incoming Transfers and Outgoing Transfers Global Authorization settings for your installation of Aspera Enterprise Serverâ„¢ or Aspera Connect Serverâ„¢ (either through the GUI or by editing aspera.conf).
  1. Launch Aspera Enterprise Server.
    Run asperascp, and then select Configuration > Global > Authorization.
  2. Deny Incoming and Outgoing Transfers.
    Override the global, default setting of "allow" for both Incoming Transfers and Outgoing Transfers, and change both settings to "deny." You can then set transfer permissions on an individual user basis via the Users tab.

    You can also modify the Incoming Transfers and Outgoing Transfers Global Authorization settings within the aspera.conf file, which is located in
    /opt/aspera/etc/
    <default>
    ...
    <authorization>
       <transfer>
          <in>
             <value>deny</value>       <!-- Incoming Transfer -->
          </in>
          <out>
             <value>deny</value>       <!-- Outgoing Transfer -->
          </out>
       </transfer>
    ...	  
    </authorization>
    ...
    </default>
  3. (Complete this step if your system is a dedicated Faspex Server and is not performing transfers with IBM Aspera Enterprise Server or Connect Server) Only allow user "faspex" within Enterprise Server

    Launch Aspera Enterprise Server via asperascp, and then select the "Configuration" button and "Users" tab. Ensure that faspex is the only user listed.

    You can verify the faspex user and corresponding settings within the aspera.conf file, which is located in
    /opt/aspera/etc/
    <aaa>
    <realms>
    <realm>
    <users>
       <user>
          <name>faspex</name>
    	     <authorization>
    		    <transfer>
                   <in>
                      <value>token</value>
                   </in>
                   <out>
                      <value>token</value>
                   </out>
                </transfer>
                <token>
                   <encryption_key>CRYPTOGRAPHIC_STRONG_RANDOM_STRING</encryption_key>   			
                </token>
             <authorization>			
             <file_system>
                <access>
                   <paths>
                      <path>
                         <absolute>E:\faspex_packages</absolute>
                         <read_allowed>false</read_allowed>
                         <dir_allowed>false</dir_allowed>
                         <write_allowed>false</write_allowed>
                      </path>
                   </paths>
                </access>
             </file_system>
       </user>
    </realm>
    </realms>
    </aaa>