Parent topic: Working With Remote Servers
Working With Remote Servers

Configuring a Remote Transfer-Server Node

Important: Note that all steps must be performed on the remote machine, as the root user.
  1. Create the system user "faspex".

    This is the user who authenticates the actual ascp transfer. This user must be an operating system account. Run the following commands to create the system user "faspex."

    # useradd -r faspex
# useradd -r faspex -s /bin/aspshell -r -g faspex
  2. Create and configure the faspex package directory.
    Run the following commands to create and configure the /home/faspex/ and the faspex_packages directories: 
    # mkdir -p /home/faspex/faspex_packages
# chown faspex:faspex /home/faspex/
# chown faspex:faspex /home/faspex/faspex_packages
  3. Configure aspera.conf.

    Add the faspex package directory as a docroot in aspera.conf. The aspera.conf file can be found in the following location:

    /opt/aspera/etc/aspera.conf

    Below is a typical Faspex aspera.conf file. Yours may differ, particularly if you have installed other Aspera products. Modify the following, as necessary:

    • In the file below, look for the absolute tag to see how the docroot has been defined in this installation, and adjust yours accordingly.
    • Look for the server_name tag below, and ensure that SERVER_IP_OR_NAME has been replaced with the name or IP address of your server.
    • In the central_server section, set persistent_store to enable.
    <?xml version='1.0' encoding='UTF-8'?>
<CONF version="2"> 

<central_server>
  <address>127.0.0.1</address>
  <port>40001</port>
  <compact_on_startup>enable</compact_on_startup>
  <persistent_store>enable</persistent_store>
  <persistent_store_on_error>ignore</persistent_store_on_error>
  <persistent_store_max_age>86400</persistent_store_max_age>
  <event_buffer_overrun>block</event_buffer_overrun>
</central_server>
<default>
  <file_system>
    <pre_calculate_job_size>yes</pre_calculate_job_size>
  </file_system>
</default>
<aaa>
  <realms>
    <realm>
      <users>
        <user>
          <name>faspex</name>
          <file_system>
            <access>
              <paths>
                <path>
                  <absolute>/home/faspex/faspex_packages</absolute>
                  <show_as>/</show_as>
                  <dir_allowed>true</dir_allowed>
                </path>
              </paths>
            </access>
            <directory_create_mode>770</directory_create_mode>
            <file_create_mode>660</file_create_mode>
          </file_system>
          <authorization>
            <transfer>
              <in>
                <value>token</value>
              </in>
              <out>
                <value>token</value>
              </out>
            </transfer>
            <token>
              <encryption_key>af208360-dbdd-4033-a35b-2370941f37e9</encryption_key>
            </token>
          </authorization>
        </user>
      </users>
    </realm>
  </realms>
</aaa>
<http_server>
  <http_port>8080</http_port>
  <enable_http>1</enable_http>
  <https_port>8443</https_port>
  <enable_https>1</enable_https>
</http_server>
<server>
  <server_name>SERVER_IP_OR_NAME</server_name>
</server>
</CONF>
  4. After modifying aspera.conf, restart Aspera Central and Aspera NodeD services. 
    # service asperacentral restart
# service asperanoded restart
  5. Run the following command to validate your aspera.conf file: 
    # /opt/aspera/bin/asuserdata -v
  6. Add a node user associated with the system user.
    Faspex authenticates to the node machine using a Node API username and password. The following command creates a Node API user and password and associates it with the system user you created. 
    # asnodeadmin.exe -a -u node_api_username -p node_api_passwd -x faspex
# service asperanoded restart
    Adding, modifying, or deleting a node-user triggers automatic reloading of the user database and the node's configuration and license files. For more information on the Node API, see your transfer server's administrator guide.
  7. Verify that you correctly added the node user. 
    > asnodeadmin.exe -l
    The output should look like the following: 
                    user       system/transfer user                    acls
====================    =======================    ====================
           node_user               faspex_user
  8. Verify you have installed a valid license on your transfer server.

    If you need to update your transfer server license (by following the instructions in the Updating Product License section of the Enterprise Server Admin Guide), you must restart the asperanoded service afterwards.

    # service asperanoded restart
  9. Install the IBM Aspera Connect Browser Plug-in key.

    First, locate your Connect key as follows:

    /opt/aspera/var/aspera_id_dsa.pub
    Then, run the following commands to create a .ssh folder (if it does not already exist) in the faspex user's home directory: 
    # mkdir -p /home/faspex/.ssh
    Run the following commands to create the keyfile authorized_keys (if it does not already exist), and append the key text to it: 
    # cat /opt/aspera/var/aspera_id_dsa.pub >> /home/faspex/.ssh/authorized_keys
    Run the following commands to change the key directory and keyfile's ownership to the faspex user and set permission bits: 
    # chown faspex:faspex /home/faspex/.ssh  
# chown faspex:faspex /home/faspex/.ssh/authorized_keys
# chmod 600 /home/faspex/.ssh/authorized_keys
# chmod 700 /home/faspex
# chmod 700 /home/faspex/.ssh
Parent topic: Working With Remote Servers