Shares Administrator Guide 1.0.2
Windows XP SP3, 2008, 2008 R2
Document Version: V1
Contents
Introduction
Installation
  System Requirements
  Configuring the Firewall
  Securing your SSH Server
  Setting up Shares
  Setting up Enterprise Server
Node and Shares Configuration
  Node Configuration
  Share Configuration
Shares Accounts
  Add your Directory Service (DS)
  Configuring DS within Shares
  Configuring Local Groups
  Configuring Local Users
Using Shares
  Overview of Nodes, Shares and Users
  Node Functions
  Share Functions
  Search Functionality
Shares Administration
  Monitoring
  Email
  Security
  Other Settings
Appendix
  aspera.conf for Nodes
  aspera.conf for S3
  Setting up SSL for your Node(s)
  Backup Shares
  Restore Shares
  Uninstall Shares
Technical Support
Feedback
Legal Notice
Introduction
An overview of Aspera Shares' features and benefits.
Overview
Welcome to Shares, Aspera’s multi-node web transfer application that empowers companies to share content in the
form of files and directories--of any size--within their organization or with external customers and partners. Simple and
intuitive, Aspera Shares can be deployed as either of the following:
• A single server solution that allows sharing content from a single content store and transfer node.
• A separate server that consolidates multiple content nodes into a single view, seamlessly managing user access
and file transfers across all of the nodes.
Aspera Shares is powered by Enterprise Server 3.0+, which features Aspera's Node API, a new daemon providing
REST-inspired file operations and a transfer management API.
Aspera Shares Features
• Users can easily navigate across files and folders to locate and initiate a high-speed file upload or download.
• A single view consolidates all underlying content stored across multiple content stores and nodes.
• Powerful search, filtering, and sorting capabilities make it easy to find individual files or folders in a very large
content store.
• Secure authenticated access with support for users, groups, and directory services.
• Administrator role has complete control over access, including which nodes and directories are visible.
• Granular control over all end-user operations at the directory level.
• Real-time activity feed keeps track of end user actions and operations such as creating, deleting and renaming files
and directories, and all administration / management functions.
• Comprehensive system logging.
• Configurable thresholds for administrative alerts such as the % or amount of free space available.
Installation
Installing Shares on your system(s).
System Requirements
System requirements for installing Shares.
The following requirements are applicable when installing the Shares application:
On the Shares server:
• Windows XP SP3, 2008, 2008 R2
• MySQL installer
• Shares installer and license file
The Shares application includes an Nginx web server listening on port 443. For best results, we recommend using a
machine that is not already running a web server for some other purpose. If an existing server is listening on port 443,
then either that server or the Nginx server must be configured to use a different port.
On your node machine(s):
• Enterprise Server 3.0+. Note that if Enterprise Server v2.x or older is already installed and running on your system,
then you must upgrade to Enterprise Server 3.0+ before setting up the node server. Please refer to our Website for
information on installing or upgrading.
• Valid Enterprise Server license file.
• Identify a directory that you plan to use for sharing data. Later on (in "Setting up Enterprise Server"), we will use this
directory as the absolute path for the transfer user.
On all machines (Shares and nodes):
• Verify that the machine's hosts file has an entry for "127.0.0.1 localhost"
(C:\WINDOWS\system32\drivers\etc\hosts).
• Check your firewall settings.
• Secure your SSH server.
Configuring the Firewall
Firewall settings required by the product.
Your Aspera transfer product requires access through the ports listed in the table below. If you cannot establish the
connection, review your local corporate firewall settings and remove the port restrictions accordingly.
Product: Enterprise Server
Firewall Configuration:
An Aspera server runs one SSH server on a configurable TCP port (33001 by default).
IMPORTANT NOTE: Aspera strongly recommends running the SSH server on a non-default port to ensure that your
server remains secure from SSH port scan attacks. Please refer to the topic Securing your SSH Server for detailed
instructions on changing your SSH port.
Your firewall should be configured as follows:
• Allow inbound connections for SSH, which is on TCP/33001 by default, or on another non-default, configurable
TCP port. If you have a legacy customer base utilizing TCP/22, then you can allow inbound connections on both
ports. Please refer to the topic Securing your SSH Server for details.
• Allow inbound connections for fasp transfers, which use UDP/33001 by default, although
the server may also choose to run fasp transfers on another port.
• If you have a local firewall on your server (like Windows Firewall), verify that it is not
blocking your SSH and fasp transfer ports (e.g. TCP/UDP 33001).
The firewall on the server side must allow the open TCP port to reach the Aspera server.
Note that no servers are listening on UDP ports. When a transfer is initiated by an Aspera
client, the client opens an SSH session to the SSH server on the designated TCP port and
negotiates the UDP port over which the data transfer will occur.
For Aspera servers that have multiple concurrent clients, the Windows operating system does
not allow Aspera's fasp protocol to reuse the same UDP port for multiple connections. Thus, if
you have multiple concurrent clients and your Aspera server runs on Windows, then you must
allow inbound connections on a range of UDP ports, where the range of ports is equal to the
maximum number of concurrent fasp transfers expected. These UDP ports should be opened
incrementally from the base port, which is UDP/33001, by default. For example, to allow 10
concurrent fasp transfers, allow inbound traffic from UDP/33001 to UDP/33010.
Product: Client
Firewall Configuration:
Typically, consumer and business firewalls allow direct outbound connections from client
computers on TCP and UDP. There is no configuration required for Aspera transfers in this
case. In the special case of firewalls disallowing direct outbound connections, typically using
proxy servers for Web browsing, the following configuration applies:
• Allow outbound connections from the Aspera client on the TCP port (TCP/33001, by
default, when connecting to a Windows server, or on another non-default port for other
server operating systems).
• Allow outbound connections from the Aspera client on the fasp UDP port (33001, by
default).
• If you have a local firewall on your server (like Windows Firewall), verify that it is not
blocking your SSH and fasp transfer ports (e.g. TCP/UDP 33001).
IMPORTANT NOTE: Multiple concurrent clients cannot connect to a Windows Aspera
server on the same UDP port. Similarly, multiple concurrent clients that are utilizing two
or more user accounts cannot connect to a Mac OS X or FreeBSD Aspera server on the
same UDP port. If connecting to these servers, you will need to allow a range of outbound
connections from the Aspera client (that have been opened incrementally on the server
side, starting at UDP/33001). For example, you may need to allow outbound connections
on UDP/33001 through UDP/33010 if 10 concurrent connections are allowed by the server.
IMPORTANT NOTE: If you have a local firewall on your server (Windows firewall, Linux iptables or Mac ipfw), then
you will need to allow the Vlink UDP port (55001, by default) for multicast traffic. For additional information on setting
up Vlinks, please refer to the topic Setting Up Virtual Links.
Securing your SSH Server
Secure your SSH server to prevent potential security risks.
Introduction
Keeping your data secure is critically important. Aspera strongly encourages you to take additional steps in setting
up and configuring your SSH server so that it is protected against common attacks. Most automated robots will try to
log into your SSH server on Port 22 as Administrator, with various brute force and dictionary combinations in order
to gain access to your data. Furthermore, automated robots can put enormous loads on your server as they perform
thousands of retries to break into your system. This topic addresses steps to take in securing your SSH server against
potential threats, including changing the default port for SSH connections from TCP/22 to TCP/33001.
Why Change to TCP/33001?
It is well known that SSH servers listen for incoming connections on TCP Port 22. As such, Port 22 is subject to
countless, unauthorized login attempts by hackers who are attempting to access unsecured servers. A highly effective
deterrent is to simply turn off Port 22 and run the service on a seemingly random port above 1024 (and up to 65535).
To standardize the port for use in Aspera transfers, we recommend using TCP/33001.
Please note that your Aspera transfer product ships with OpenSSH listening on both TCP/22 and TCP/33001. As such,
Aspera recommends only exposing TCP/33001 through your organization's firewall and disabling TCP/22.
IMPORTANT NOTE: You need Administrator access privileges to perform the steps below.
1. Locate and open your system's SSH configuration file
Open your SSH configuration file with a text editor. You will find this file in the following system location:
OS Version | Path
32-bit Windows | C:\Program Files\Aspera\Enterprise Server\etc\sshd_config
64-bit Windows | C:\Program Files (x86)\Aspera\Enterprise Server\etc\sshd_config
2. Add new SSH port
IMPORTANT NOTE: Before changing the default port for SSH connections, please verify with your network
administrators that TCP/33001 is open.
The OpenSSH suite included in the installer uses TCP/22 and TCP/33001 as the default ports for SSH connections.
Aspera recommends disabling TCP/22 to prevent security breaches of your SSH server.
Once your client users have been notified of the port change (from TCP/22 to TCP/33001), you can disable
Port 22 in your sshd_config file. To disable TCP/22 and use only TCP/33001, comment out Port 22 in your
sshd_config file.
...
#Port 22
Port 33001
...
IMPORTANT NOTE: Aspera recognizes that disabling the default SSH connection port (TCP/22) may affect your
client users. When you change the port, ensure that you advise your users on configuring the new port number.
Basic instructions for specifying the SSH port for fasp file transfers can be found below. To change the SSH port
for Aspera Client, click Connections on the main window, and select the entry for your computer. Under the
Connection tab, click Show Advanced Settings and enter the SSH port number in the SSH Port (TCP) field.
To make an impromptu connection to TCP/33001 during an ascp session, specify the SSH port (33001) with the -P
(capital P) flag. Please note that this command does not alter ascp or your SSH server's configuration.
> ascp -P 33001 ...
3. Disable non-admin SSH tunneling
IMPORTANT NOTE: The instructions below assume that OpenSSH 4.4 or newer is installed on your system.
For OpenSSH 4.4 and newer versions, the "Match" directive allows some configuration options to be selectively
overridden if specific criteria (based on user, group, hostname and/or address) are met. If you are running an
OpenSSH version older than 4.4, the "Match" directive will not be available and Aspera recommends updating to the
latest version.
In OpenSSH versions 4.4 and newer, disable SSH tunneling to avoid potential attacks, allowing tunneling only
for users in the Administrators group. To disable non-admin SSH tunneling, add the following lines at the end of
the sshd_config file:
...
AllowTcpForwarding no
Match Group Administrators
AllowTcpForwarding yes
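Depending on your sshd_config file, you may have additional instances of AllowTcpForwarding that are set
to the default, yes. sshd uses the first value it reads for a keyword, so an earlier AllowTcpForwarding yes
overrides the line added at the end of the file. Please review your sshd_config file for other instances and
disable them as appropriate.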
4. Update authentication methods
Public key authentication can prevent brute force SSH attacks if all password-based authentication methods
are disabled. Thus, Aspera recommends disabling password authentication in the sshd_config file and
enabling private/public key authentication. To do so, add or uncomment PubkeyAuthentication yes in the
sshd_config file, comment out PasswordAuthentication yes, and add PasswordAuthentication no.
...
PubkeyAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication no
...
5. Restart the SSH server to apply new settings
When you have finished updating your SSH server configuration, you must restart the server to apply your new
settings. Restarting your SSH server will not impact currently connected users. To restart your SSH Server, go to
Control Panel > Administrative Tools > Services . Locate the OpenSSH Service and click Restart.
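The edits from steps 2 to 4 can be checked before the restart with a short script. This is an added example, not part of the Aspera guide or product; the function names and both sample configurations are constructed for illustration. It applies sshd's first-value-wins rule, so it catches an appended AllowTcpForwarding no that is overridden by an earlier line or that lands inside an existing Match block.

```python
# Added example: audit an sshd_config for the settings recommended in steps 2-4.
# The sample configurations below are constructed for illustration.

DEFAULTS = {  # OpenSSH built-in values used when a keyword is absent
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "allowtcpforwarding": "yes",
}


def parse_sshd_config(text):
    """Split a config into (global settings, listening ports, Match blocks).

    sshd keeps the FIRST value it reads for a keyword, so later duplicates
    are ignored. Port is the exception: every Port line adds a listener.
    Lines after a Match line apply only to that block, up to the next Match.
    """
    global_settings, ports, match_blocks = {}, [], []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: no effect
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), " ".join(parts[1].lower().split())
        if key == "match":
            current = {}
            match_blocks.append((value, current))
        elif key == "port":
            ports.append(int(value))
        else:
            current.setdefault(key, value)  # first value wins
    return global_settings, ports, match_blocks


def audit(text, admin_group="administrators"):
    """Return a list of findings; an empty list means the file matches the guide."""
    global_settings, ports, match_blocks = parse_sshd_config(text)
    effective = {**DEFAULTS, **global_settings}
    findings = []
    if not ports or 22 in ports:  # no Port line at all means the default, 22
        findings.append("TCP/22 is still a listening port")
    if effective["passwordauthentication"] != "no":
        findings.append("password authentication is not disabled")
    if effective["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    if effective["allowtcpforwarding"] != "no":
        findings.append("TCP forwarding is allowed for all users")
    for criteria, settings in match_blocks:
        enabled = settings.get("allowtcpforwarding", "no") != "no"
        if enabled and criteria != f"group {admin_group}":
            findings.append(f"Match {criteria} re-enables TCP forwarding")
    return findings


# Constructed sample: the file after steps 2-4 were applied as written.
HARDENED = """
#Port 22
Port 33001
PubkeyAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication no
AllowTcpForwarding no
Match Group Administrators
AllowTcpForwarding yes
"""

# Constructed sample: Port 22 left active, password line only commented out,
# and an earlier AllowTcpForwarding yes that shadows the appended "no".
SHADOWED = """
Port 22
Port 33001
AllowTcpForwarding yes
#PasswordAuthentication yes
AllowTcpForwarding no
Match Group Administrators
AllowTcpForwarding yes
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("SHADOWED", SHADOWED)):
        print(name, audit(cfg) or "OK")
```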
6. Restrict user access
Restricting user access is a critical component of securing your server. When a user's docroot is empty (i.e. blank),
that user has full access to your server's directories and files. To restrict the user, you must set a non-empty
docroot, which automatically changes the user's shell to aspshell (Aspera shell). You can do so from the product
GUI by going to Configuration > Users > Docroot > Absolute Path . Input a path in the blank field and ensure
that Override is checked.
Once you have set the user's docroot, you can further restrict access by disabling read, write and/or browse. You
may do so via the product GUI (as shown in the screenshot above).
Field | Description | Values
Absolute Path | The area of the file system (i.e. path) that is accessible to the Aspera user. The default empty value gives a user access to the entire file system. | Path or blank
Read Allowed | Setting this to true allows users to transfer from the designated area of the file system as specified by the Absolute Path value. | true, false
Write Allowed | Setting this to true allows users to transfer to the designated area of the file system as specified by the Absolute Path value. | true, false
Browse Allowed | Setting this to true allows users to browse the directory. | true, false
7. Review your logs periodically for attacks
Aspera recommends reviewing your SSH log periodically for signs of a potential attack. Launch Control Panel >
Administrative Tools > Event Viewer . To see only SSH Server events, select View > Filter... to bring up the
filter settings. In Application Properties > Filter tab, select sshd in the Event source menu to display only SSH
Server events. You may also apply other conditions when needed.
With a filter applied, you can review the logs in the Event Viewer main window, or select Action > Save Log File
As... to export a log file using .txt or .csv format.
Look for invalid users in the log, especially a series of login attempts with common user names from the same
address, usually in alphabetical order. For example:
...
Mar 10 18:48:02 sku sshd[1496]: Failed password for invalid user alex from 1.2.3.4 port 1585 ssh2
...
Mar 14 23:25:52 sku sshd[1496]: Failed password for invalid user alice from 1.2.3.4 port 1585 ssh2
...
If you have identified attacks:
• Double-check the SSH security settings in this topic.
• Report the attacker to your ISP's abuse email (e.g. abuse@your-isp).
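The review described in step 7 can be run over an exported log file with a short script. This is an added example, not part of the Aspera guide; the function name, the threshold and the log lines are constructed, and it assumes the exported messages keep the "Failed password for invalid user ... from ..." wording shown above. It groups failed logins for non-existent users by source address and notes whether the names arrived in alphabetical order.

```python
# Added example: flag source addresses that try many invalid user names.
# The log lines below are constructed and use documentation address ranges.
import re
from collections import defaultdict

FAILED_INVALID = re.compile(
    r"Failed password for invalid user (?P<user>\S+) from (?P<addr>\S+)"
)


def find_dictionary_attacks(lines, min_users=3):
    """Return {address: summary} for sources that tried at least
    min_users distinct non-existent user names."""
    users_by_addr = defaultdict(list)
    for line in lines:
        match = FAILED_INVALID.search(line)
        if match:
            users_by_addr[match.group("addr")].append(match.group("user"))

    report = {}
    for addr, users in users_by_addr.items():
        distinct = list(dict.fromkeys(users))  # de-duplicate, keep first-seen order
        if len(distinct) >= min_users:
            report[addr] = {
                "attempts": len(users),
                "users": distinct,
                # Word-list driven attacks usually walk names in sorted order.
                "alphabetical": distinct == sorted(distinct),
            }
    return report


SAMPLE_LOG = """\
Mar 10 18:48:02 sku sshd[1496]: Failed password for invalid user adam from 192.0.2.10 port 1585 ssh2
Mar 10 18:48:05 sku sshd[1496]: Failed password for invalid user alex from 192.0.2.10 port 1586 ssh2
Mar 10 18:48:09 sku sshd[1496]: Failed password for invalid user alice from 192.0.2.10 port 1587 ssh2
Mar 10 18:48:12 sku sshd[1496]: Failed password for invalid user alice from 192.0.2.10 port 1588 ssh2
Mar 10 19:02:41 sku sshd[1496]: Failed password for invalid user asp2 from 198.51.100.7 port 2201 ssh2
Mar 10 19:03:10 sku sshd[1496]: Accepted publickey for asp1 from 198.51.100.7 port 2202 ssh2
""".splitlines()

if __name__ == "__main__":
    for addr, summary in find_dictionary_attacks(SAMPLE_LOG).items():
        print(addr, summary)
```

A single mistyped user name, like the one from 198.51.100.7 in the sample, stays below the threshold and is not reported.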
Setting up Shares
Set up Shares on your system(s).
The instructions below will walk you through setting up the Shares application and a MySQL database on your
Windows system. These instructions assume that Shares and MySQL will be installed on the same, local machine.
1. Log in as System Administrator and download the MySQL and Shares executables.
Before installing Shares, ensure that you are logged into your machine as a local system Administrator. Once
confirmed, download the Aspera Shares and MySQL executable files from our Website (input your Aspera
credentials when prompted). Note that you need to download two executables:
• AsperaMysql-<version>.exe
• AsperaShares-<version>.exe
2. Run the MySQL and Shares executables.
Install MySQL on your system by running AsperaMysql-<version>.exe. Follow the on-screen instructions.
IMPORTANT NOTE: On Windows 2008 with UAC (User Account Control) enabled, you must run the installer as an
Administrator. To do so, right-click the executable and select the option Run as administrator. You may be asked
to enter the administrator's password to allow the installer to make changes to your computer.
After the license agreement screen, select "Typical" as the desired setup type.
The installer will then prompt you to create or update an Aspera service account that runs the services for Aspera
products. By default, the user name is svcAspera.
If your machine is not joined to a Windows domain, then a local user (such as the default svcAspera) is all that is
required to run Aspera services. If the local account does not already exist, enter new credentials and click Next. If
the account exists (e.g. created through the previous installation), enter the account password and click Next.
IMPORTANT NOTE: On Windows XP 32-bit, instead of creating a user account, you may check the option Run
Aspera services as a local SYSTEM account to run these services as the local user "SYSTEM."
If your machine is joined to a domain, or you need to support requirements #2 and/or #3 below, then the type of
account specified will vary. Please refer to the table below. If the server is configured to accept the domain user
login, use a domain account that has been added to the local administrator's group to run the services. You must
create this domain account on your Domain Controller first.
No. | Requirement | Type of Service Account User
1 | Provision local transfer users only. | Local account. Domain account with local admin privileges can be used, but is not required.
2 | Provision Active Directory accounts for transfer users (users who wish to transfer with your server are authenticated through Active Directory). | Domain account with local admin privileges.
3 | Transfer users store files on a remote file system (not on your server machine), such as an SMB file share. | Domain account with local admin privileges. In some cases, additional actions are required to support this requirement. Please refer to the Aspera knowledgebase or contact Aspera Technical Support for assistance.
After creating your Aspera service account, click the Install button on the next screen.
During the installation process, Windows will start the MySQL service. Once complete, install the Shares application
(as Administrator) by running AsperaShares-<version>.exe. Follow the on-screen instructions and select the
Install button when prompted.
3. Run the Shares setup script
Once the "Aspera Shares Setup Wizard" completes, you will receive a prompt with a checkbox and a Finish button.
By default, the Run the setup script to complete the installation checkbox is turned on. Once you click Finish,
the Shares installer will automatically run the setup command. Follow the configuration instructions to complete
the setup process, which includes inputting the MySQL root password, creating the Shares DB username and
password, and creating the Shares admin account.
IMPORTANT NOTE:
If you do not want to run the setup command automatically, then uncheck (turn off) the Run the setup script to
complete the installation checkbox. If you choose not to run the setup at the end of the Shares installation, you
can run it manually by following the instructions below.
1. Open an administrative command prompt.
2. cd to C:\shares\www\script\windows.
3. Run shares_installer.bat and follow the prompts.
4. Install the Shares license.
On the computer that has the Shares application installed on it, launch your web browser and go to
https://shares-ip-address/. Log in with the administrator's username and password.
You can install the license by navigating to the Admin screen (via the Admin link).
Then, select Other > License .
5. Configure your server's hostname or IP address to send emails from Shares to users.
From the Shares Admin screen, select Other > Web Server .
Input your Shares server's hostname (or IP address) into the Host field, as it will be used as part of the URL
in system emails to users. For example, when an account is created for a user, that user will receive an email
prompting him or her to reset the password. This email contains a URL that points to whatever hostname or IP
address is entered in the Host field.
Setting up Enterprise Server
Set up Enterprise Server v3.0+ to work with Shares.
The instructions below walk you through setting up Aspera Enterprise Server 3.0+ on the same (local) machine
as Aspera Shares. These instructions assume that you have already set up your MySQL database and Shares
application. For instructions on setting up a remote transfer server (using the Node API), please refer to your Enterprise
Server guide.
WARNING! If Enterprise Server v2.7.4 or older is already installed and running on your system, then you must
upgrade to Enterprise Server 3.0+ before setting up the node server. Please refer to your Enterprise Server guide
for information on installing or upgrading.
1. Download and install Enterprise Server v3.0+.
Follow the instructions in the Enterprise Server guide for installing Enterprise Server v3.0+ and a valid license file.
2. Create a Node API username.
Aspera's Web applications authenticate to the remote node service via a Node API username and password. We
will create a Node API user/password now, and associate it with a file transfer user that we will create in the next
step. The Node API credentials can then be used to create nodes. Note that different nodes may use different Node
API username/password pairs.
> asnodeadmin.exe -a -u your_node_api_username -p your_node_api_password -x asp1
Note that adding, modifying or deleting a node-user triggers automatic reloading of the configuration and license
files, as well as the user database.
3. Create a file transfer user (e.g. asp1).
This is the user who authenticates the actual ascp transfer, and must be an Operating System account on the node.
Create a new transfer user "asp1" (as an Administrator) on your Operating System via the GUI (Control Panel >
User Accounts).
IMPORTANT NOTE: After creating a user account on Windows (e.g. asp1), you need to log in as that user at least
once in order for Windows to set up the user's home folder (e.g. C:\Users\asp1). Once the user's home folder
has been created, you can log back in as an Administrator and continue the steps below.
You must then set up this user within Enterprise Server. To set up a user, follow the instructions in the topic
"Setting up Users."
IMPORTANT NOTE: A docroot must be created for the file transfer user who authenticates the ascp transfer (global
or per-user). After modifying a user's docroot, you must perform a reload operation, as described in the topic
"aspera.conf for Nodes."
4. Copy the public key to the transfer user's .ssh folder.
For our example file transfer user, asp1, we will assume the following:
• The public key install location will be C:\Users\asp1\.ssh\authorized_keys.
• The key file is located in C:\Program Files (x86)\Aspera\Enterprise Server\var\aspera_id_dsa.pub.
Open a Command Prompt ( Start menu > All Programs > Accessories > Command Prompt ) and run the
following commands to create the user's public key folder:
> cd "C:\Users\asp1"
> md .ssh
Use a text editor to create the following file (without a file extension):
C:\Users\asp1\.ssh\authorized_keys
Copy the contents of aspera_id_dsa.pub into the authorized_keys file and update the directory permissions
by right-clicking the .ssh folder and selecting the Security tab. Here, you can set permissions to read, write and
execute (full control).
5. (Optional) Change HTTPS port and/or SSL certificate.
The Aspera Node API provides an HTTPS interface for encrypted communication between node machines (on Port
9092, by default). To modify the HTTPS port, please view the topic "aspera.conf for Nodes." For instructions on
maintaining and generating a new SSL certificate, please refer to the topic "Setting up SSL for your Node(s)."
IMPORTANT NOTE: Most of the node settings require that you restart the asperanoded service if you change
their values. To restart the asperanoded service, run the following command(s). Please refer to the topic
"aspera.conf for Nodes" for details.
Node and Shares Configuration
New node and share configuration instructions.
Node Configuration
Configure a new node using the Shares' GUI.
The following instructions explain how to configure a node within the Shares application. These instructions assume
that you have already installed the Shares application and Enterprise Server v3.0+ on your local machine (along with
the appropriate licenses). Before you continue, make sure that you have the following information available:
• The node computer's hostname or IP address, along with a port and path (if applicable).
• The node API username and password, which you created when you set up Enterprise Server on your node
machine.
1. Log into the Shares application with your admin username and password.
On the computer that has the Shares application installed on it, launch your web browser and go to
https://localhost/. Log in with your admin username and password.
Once logged in, you will arrive at your Home screen.
2. On the Home screen, click the NODE + button to add a new node and complete the New Node configuration form.
You can quickly add a new node by clicking the NODE + on your Home screen.
When the New Node configuration screen appears, complete the form fields with the information you collected at
the beginning of this exercise. Below is a description of each field, along with example values.
Field: Name
Description: A description of the node.
Sample Value: "Headquarters"

Field: Host
Description: The node computer's hostname or IP address, along with a port and path (if applicable). The "port"
field represents the port on which the node service is running, which is 9092 by default. The "path" field is an
advanced feature used for URL proxying. In nearly all cases, you may leave this field blank.
Sample Value: In our example, the Shares application and Enterprise Server are installed on the same computer.
That means our hostname is localhost and our node service port is HTTPS 9092. If the node is on a remote host,
use the IP address or resolvable hostname, e.g. "10.1.2.3" and "9092".

Field: API Username
Description: The node API username that you created when you set up Enterprise Server on your node machine.
Note that this user is kept in the redis database for authentication between the Shares application and the node
service.
Sample Value: "node-admin"

Field: API Password
Description: The node API password that you created when you set up Enterprise Server on your node machine.
Sample Value: "s3cur3_p433"

Field: Use SSL
Description: To encrypt the connection to the node using SSL, enable this box. Although the node is configured to
use Aspera's pre-installed, self-signed certificate (/opt/aspera/etc/aspera_server_cert.pem), you can use your
own certificate by replacing the files located in the following directories:
• /opt/aspera/shares/conf/cert.key
• /opt/aspera/shares/conf/cert.pem
To generate a new certificate, follow the instructions provided in the topic "Setting up SSL for your Node(s)"
and use the OpenSSL command-line binary (/opt/aspera/shares/bin/openssl).
IMPORTANT NOTE: After generating a new certificate, you must create a "cert.pem" file that contains both the
private key and the certificate. To do so, copy and paste the entire body of the key and cert files into a single
text file (i.e. paste the private key, the certificate, and then save the file as "your_cert.pem").
Sample Value: Enabled, by default.

Field: Verify SSL Certificate
Description: To verify the SSL certificate, enable this box.
Sample Value: Enabled, by default.

Field: Bytes free - warn
Description: If you would like to receive a warning message when the node has equal to or less than a certain
number of storage bytes free, then enter that number into this field. You can input the number as G, MB,
terabytes and bytes.
Sample Value: 50G

Field: Percent free - warn
Description: If you would like to receive a warning message when the node has equal to or less than a certain
percent of its storage free, then enter that percentage into this field.
Sample Value: 25%

Field: Bytes free - error
Description: If you would like to receive an error message when the node has equal to or less than a certain
number of storage bytes free, then enter that number into this field. You can input the number as G, MB,
terabytes and bytes.
Sample Value: 10G

Field: Percent free - error
Description: If you would like to receive an error message when the node has equal to or less than a certain
percent of its storage free, then enter that percentage into this field.
Sample Value: 10%
3. Save and confirm.
After inputting the node details, click the Create Node button. If your node has been successfully created, it will
appear under the Nodes section on your Home page.
From here, you can perform multiple actions.
• Click the node's name to browse files on the node
• Use the drop-down menu to the right of the node name to browse, edit, view shares, view admin activity or
delete the node.
For detailed information on these functions, please refer to the topic "Node Functions".
IMPORTANT NOTE: One machine can be added as a node multiple times, in the circumstance that different access
credentials are required to see files in multiple areas of the system.
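The IMPORTANT NOTE for the Use SSL field asks for one file that holds the private key followed by the certificate; because that file contains the private key, it should be readable only by the account that runs Shares. The following Python helper is an added example (not part of the Shares product): it builds the combined file, writes it with owner-only permissions and checks an existing one. Its function names are this example's own and the sample PEM blocks are constructed placeholders, not real key material.

```python
import base64
import os
import re
import stat
import tempfile

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def pem_labels(text):
    """Return the label of every PEM block in order; raise ValueError on bad base64."""
    labels = []
    for match in PEM_BLOCK.finditer(text):
        body = "".join(match.group(2).split())
        base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
        labels.append(match.group(1))
    return labels


def build_bundle(key_pem, cert_pem):
    """Join key and certificate in the order the guide gives: private key first."""
    key_labels, cert_labels = pem_labels(key_pem), pem_labels(cert_pem)
    if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
        raise ValueError("key input must contain exactly one private key block")
    if not cert_labels or any(label != "CERTIFICATE" for label in cert_labels):
        raise ValueError("certificate input must contain only CERTIFICATE blocks")
    return key_pem.strip() + "\n" + cert_pem.strip() + "\n"


def write_bundle(path, bundle):
    """Write the bundle so only the owning account can read the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        os.fchmod(handle.fileno(), 0o600)  # also tightens a file that already existed
        handle.write(bundle)


def check_bundle(path):
    """Return a list of problems found in an existing combined PEM file."""
    problems = []
    with open(path) as handle:
        labels = pem_labels(handle.read())
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        problems.append("no private key block")
    elif not labels[0].endswith("PRIVATE KEY"):
        problems.append("private key is not the first block")
    if "CERTIFICATE" not in labels:
        problems.append("no certificate block")
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is readable or writable by group/other")
    return problems


def _constructed_pem(label, payload):
    """Build a syntactically valid PEM block from placeholder bytes (not real key material)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample inputs standing in for the generated key and certificate files.
SAMPLE_KEY = _constructed_pem("PRIVATE KEY", b"constructed placeholder key bytes")
SAMPLE_CERT = _constructed_pem("CERTIFICATE", b"constructed placeholder certificate bytes")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "your_cert.pem")
        write_bundle(target, build_bundle(SAMPLE_KEY, SAMPLE_CERT))
        print(check_bundle(target))
```

The check is structural only: it does not prove that the private key belongs to the certificate.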
Share Configuration
Configure a new share on a selected node.
The following instructions explain how to configure a share (essentially a directory on a node) within the Shares
application. These instructions assume that you have already installed the Shares application and Enterprise Server
v3.0+ on your local machine (along with the appropriate licenses), and have followed the instructions in the topic Node
Configuration to create at least one node. Before you continue, make sure that you have the following information
available:
• The name of the node that you would like to put the share on.
• The node directory that you would like to set up as the share.
1. If you have not already done so, log into the Shares application with your admin username and password.
On the computer that has the Shares application installed on it, launch your web browser and go to
https://shares-ip-address/. Log in with your admin username and password.
Once logged in, you will arrive at your Home screen. Note that the example below assumes that you have already
set up a node (per the topic Node Configuration).
2. On the Home screen, click the SHARES + button to add a new share and complete the New Share configuration
form.
You can quickly add a new share by clicking the SHARES + button on your Home screen.
When the New Share configuration screen appears, complete the form fields with the information you collected at
the beginning of this exercise. Below is a description of each field, along with example values.
Field: Name
Description: The name of the share is simply a description, which means that multiple shares can also have the
same name.
Sample value: "my first share"

Field: Node
Description: Select a node from the drop-down list. This drop-down list is automatically populated with nodes
that you have previously configured (refer to Node Configuration).
Sample value: In our example, the node is called "my first node." We will select this name from the drop-down list.

Field: Directory
Description: Once you select a node from the drop-down list above, you will be able to browse its directories
using the Browse... button. If you are not able to browse the node's directories, please check your node
configuration.
When you click the Browse... button, you will be prompted to select a directory in the pop-up window. Here, you
have several options:
• You can perform a simple search for a directory by inputting it into the name field and clicking Search.
• You can perform an advanced search by clicking the Advanced link, and inputting your criteria.
• You can sort the directory list by type, size, size descending, last modified and last modified descending.
• You can select a radio button next to the directory that you would like to be the share. After clicking the
corresponding radio button, click the Select button.
Sample value: We are going to make the "documents" directory our share on this node.

Field: Bytes free - warn
Description: If you would like to receive a warning message when the share has equal to or less than a certain
number of storage bytes free, then enter that number into this field. You can input the number as G, MB,
terabytes and bytes.
Sample value: 5G

Field: Percent free - warn
Description: If you would like to receive a warning message when the share has equal to or less than a certain
percent of its storage free, then enter that percentage into this field.
Sample value: 25%

Field: Bytes free - error
Description: If you would like to receive an error message when the share has equal to or less than a certain
number of storage bytes free, then enter that number into this field. You can input the number as G, MB,
terabytes and bytes.
Sample value: 1G

Field: Percent free - error
Description: If you would like to receive an error message when the share has equal to or less than a certain
percent of its storage free, then enter that percentage into this field.
Sample value: 10%
3. Save and confirm.
After inputting the share details, click the Create Share button. If your share has been successfully created, it will
appear under the Shares section on your Home page.
From here, you can perform multiple actions.
• Click the share's name to browse files on the share.
• Use the drop-down menu to the right of the share name to browse, view activity, make comments, edit, view
authorizations, view admin activity or delete the share.
For detailed information on these functions, please refer to the topic "Share Functions".
Shares Accounts
Setting up Shares directory service, group and user accounts.
Add your Directory Service (DS)
Adding your directory service to Shares.
The Shares application supports the Lightweight Directory Access Protocol (LDAP) and can be configured to connect
to a directory service. The following directory service databases are supported:
• Active Directory (AD)
• Apple Open Directory
• Fedora Directory Server
• Open LDAP
Note that Shares already has a default, local database. When you add local users, they will automatically be added to
the Local Database (viewable via Admin > Accounts > Directories). For additional information on setting up local users,
please refer to Configuring Local Users.
To add a new directory service account, log into Shares and go to Admin > Accounts > Directories > New.
Complete the form that appears with your specific directory service's settings and click the Create ldap config button.
An example is shown below, along with a description of all settings in the table that follows.
Option Description
Directory Type: Select your directory service type from one of the following options:
• Active Directory (AD)
• Apple Open Directory
• Fedora Directory Server
• Open LDAP
Name: Input a name for this directory service.
Description: Input a description for this directory service.
Host: The directory's address and port number. By default, unsecured LDAP uses port 389,
unsecured global catalog uses port 3268, and global catalog over SSL uses port 3269.
Base DN: The search treebase (e.g. dc=myCompany,dc=com for myCompany.com)
Authentication Credentials:
• Anonymous Bind
• Simple Bind
If Simple Bind is selected, then you are required to input your directory
service user name, which is typically a Distinguished Name (DN) (e.g.
CN=Administrator,CN=Users,DC=myCompany,DC=com) and directory service password.
Encryption:
• Unencrypted (Default port 389)
• Simple TLS (Default port 636)
NOTE: Aspera highly recommends selecting Simple TLS to secure your server. By
default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and
secure by enabling TLS.
Now that you have added your directory service to Shares, you can configure specific settings for your DS user(s) and
group(s).
Configuring DS within Shares
Setting up your DS groups and DS users within Shares.
After adding your directory service to Shares, you can configure specific settings for your DS user(s) and group(s).
Tab Description
Detail: Update the information that you inputted for the DS account when you first set it up.
Groups: View and edit your DS group permissions. Your DS groups will be listed on this page, along
with Edit buttons.
To set specific permissions for an individual DS group, click the corresponding Edit button.
For further instruction on editing a DS group, please refer to the section "Setting Permissions
for Individual DS Groups."
Users: View and edit your DS users' permissions. Your DS users will be listed on this page (unless
the number of records exceeds Shares' limit for displaying a list), along with Edit buttons. If
no list appears, you can search for users by name (where you must input a minimum of one
character to perform a search).
To set specific permissions for an individual DS user, click the corresponding Edit button. For
further instruction on editing a DS user, please refer to the section "Setting Permissions for
Individual DS Users."
Security: This tab allows you to configure specific security settings for the entire directory.
• If you select (checkmark) Disabled, then no users from this directory can log into Shares.
This also prevents you from giving individual DS users and DS groups access to log in.
• If you select (checkmark) Login, then all users from this directory can log into Shares. If
left unchecked, you may give individual DS users and DS groups access to log in.
• If you select (checkmark) Admin, then all users in this directory have Administrative
permissions. If left unchecked, you may give individual DS users and DS groups
administrative access.
To configure DS users' security settings from their individual account pages, please refer to
the section "Setting Permissions for Individual DS Users."
Shares: Click the Add Share link to authorize specific shares for this directory.
Upon doing so, you will be provided a list of nodes and shares that are currently configured in
your Shares application, along with an Authorize link.
After authorizing a share, you can modify the directory's permissions for browsing,
transferring and performing file operations within it. Note that the default permission is browse
only. To edit these permissions or de-authorize the directory's access to the share, click the
edit link.
From here, select (checkmark) permissions that directory users have for the authorized
share. For example, everyone in this directory is allowed to browse the company's event
photos; however, they cannot download, upload, or perform any file operations within the
share. After modifying your settings, click the Update button. You may de-authorize access to
this share by clicking Delete.
IMPORTANT NOTE: If you authorize a share for an entire directory, then any group within
that directory will inherit the same access permissions.
Activity: View and search for activity within this directory.
Setting Permissions for Individual DS Groups
You may configure your DS groups with unique settings (rather than defaulting to the directory settings). You will arrive
at the tabs below after clicking the Edit button for a corresponding DS group.
Tab Description
Detail: View the DS group's name, modify the directory, or delete the directory from the Shares
application.
Member Of: If this group is a member of another group, then that will be indicated under this tab.
Members: Displays this group's DS members and allows you to edit corresponding DS user settings.
Please refer to the section "Setting Permissions for Individual DS Users" for details on editing
DS user settings.
Security: This tab allows you to configure specific security settings for all members of the DS group,
including whether or not all members of the group can log into Shares, as well as if all
members of the group are administrators. If you select (checkmark) Login, then all users
in this group can log into Shares. If you select (checkmark) Admin, then all users in this
group have Administrative permissions. If you leave these boxes unselected, then you can
configure each local user's security settings from their individual account pages. Please refer
to the topic Configuring Local Users for details.
Shares: Click the Add Share link to authorize specific shares for the members of this DS group to
access.
Upon doing so, you will be provided a list of nodes and shares that are currently configured in
your Shares application, along with an Authorize link.
IMPORTANT NOTE: If you authorized a share for this DS group's entire directory, then this
group will inherit the same access permissions for that share.
After authorizing a share, you can modify the DS group's permissions for browsing,
transferring and performing file operations within it. Note that the default permission is browse
only. To edit these permissions or de-authorize the DS group's access to the share, click the
edit link.
IMPORTANT NOTE: If the share had been authorized for this DS group's entire directory,
then the Inherited? column will be populated with the text "Inherited."
From here, select (checkmark) permissions that group members have for the authorized
share. For example, our accounting department is allowed to browse, download and upload
spreadsheets, as well as perform all file operations within the "Spreadsheets" share.
After modifying your settings, click the Update button. You may de-authorize access to this
share by clicking Delete.
Transfer Settings: Implement transfer settings/restrictions specifically for members of this group. In doing so,
you will be overriding Shares' app-wide transfer settings just for this group. To configure
transfer settings just for this group, start by clicking the Override these settings button
(which will enable the input boxes).
Now, you can configure your own transfer settings for this group.
Transfer settings include the following:
• Upload target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the
node's settings.
• Upload target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Download target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use
the node's settings.
• Download target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Starting policy: Select the policy that will be enforced when the transfer starts, where
policies include fixed, high, fair and low. You can also select Inherit from node to use the
node's settings. If fixed, the transfer will utilize a fixed rate policy. Under this policy, the
transfer will transmit data at a rate equal to the target rate (although this may impact the
performance of other traffic present on the network). If fair, the transfer will utilize a fair
rate policy. Under this policy, the transfer will attempt to transmit data at a rate equal to the
target rate. If network conditions do not permit that to be achieved, it will transfer at a rate
lower than the target rate, but not less than the minimum rate.
• Allowed policy: Select the policies that are available to the user during the transfer. You
can also select Inherit from node to use the node's settings. For example, if the starting
policy is fair, then you may allow them to change between fair and low by selecting the
fair and low option from the drop-down list.
• Encryption: Select from optional or AES-128. You can also select Inherit from node to
use the node's settings.
• Encryption at rest: Required or optional. You can also select Inherit from node to use
the node's settings. If required, uploaded files must be encrypted during a transfer for
the purpose of protecting them while stored on a remote server. The uploader sets a
password before uploading the file, and then the downloader is required to enter that
same password to decrypt the protected file.
Click the Save button to keep your new settings. You may also click the Use Inherited
Settings button to return to the app-wide transfer configuration.
Activity: View and search for activity by members of this DS group.
Setting Permissions for Individual DS Users
You may configure your DS users with unique settings (rather than defaulting to the directory or group settings). You
will arrive at the tabs below after clicking the Edit button for a corresponding DS user.
Tab Description
Detail: View the DS user's name, modify the directory, or delete the user from the Shares
application.
Member of: Add this user to a DS group by selecting one from the drop-down list. You will only see DS
groups that have been added to Shares (i.e. Setting Permissions for Individual DS Groups
through the Shares UI).
IMPORTANT NOTE: You will not be able to add DS users to a local group; only DS
groups. For instructions on configuring local users, see the topic Configuring Local Users.
After adding a DS user to a DS group, you may click the Edit link to modify the group's
settings or Remove to delete them from the group (but not from the Shares application).
When you click the Edit link, you will be taken to the DS group's configuration page. Please
refer to the topic Setting Permissions for Individual DS Groups for details on modifying a DS
group's settings.
Security: Under the Security tab, you can update the following settings:
• Disable the user's account. Note that if you disable this user's account on this screen,
then the user will not be able to log into Shares even if he or she belongs to a group or
directory that has access permissions.
• Explicitly allow the user to log into the Shares application.
• Explicitly make this user an Administrator.
• Allow the user to log into the API (which means that even if the user does not have
BROWSE permissions, he or she can still perform transfer and file operations).
• Set an account expiration date.
Shares: Click the Add Share link to authorize specific shares for the DS user to access. Note that if
this user belongs to a DS group, and the group has access to a share, then that share will be
listed here (i.e., permission to access the share is "inherited" from the group). The same is
true if the entire directory has access to this share.
Upon doing so, you will be provided a list of nodes and shares that are currently configured in
your Shares application, along with an Authorize link.
After authorizing a share, you can modify the DS user's permissions for browsing, transferring
and performing file operations within it. Note that the default permission is browse only. If
browse is not selected, the DS user will only be able to access functions if he or she has
been made an API User (see Security tab description above). To edit these permissions or
de-authorize the DS user's access to the share, click the edit link.
From here, select (checkmark) permissions that the DS user has for the authorized share.
For example, the user in our office example is only allowed to download and browse the
marketing share; however, he cannot upload content or perform any file operations within the
share.
After modifying your settings, click the Update button. You may de-authorize access to this
share by clicking Delete.
Preferences: Select a timezone and input any comments.
Transfer Settings: Implement transfer settings/restrictions specifically for this DS user. In doing so, you will be
overriding Shares' app-wide transfer settings and DS group and/or directory settings.
Transfer settings include the following:
• Upload target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the
node's settings.
• Upload target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Download target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use
the node's settings.
• Download target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Starting policy: Select the policy that will be enforced when the transfer starts, where
policies include fixed, high, fair and low. You can also select Inherit from node to use the
node's settings. If fixed, the transfer will utilize a fixed rate policy. Under this policy, the
transfer will transmit data at a rate equal to the target rate (although this may impact the
performance of other traffic present on the network). If fair, the transfer will utilize a fair
rate policy. Under this policy, the transfer will attempt to transmit data at a rate equal to the
target rate. If network conditions do not permit that to be achieved, it will transfer at a rate
lower than the target rate, but not less than the minimum rate.
• Allowed policy: Select the policies that are available to the user during the transfer. You
can also select Inherit from node to use the node's settings. For example, if the starting
policy is fair, then you may allow them to change between fair and low by selecting the
fair and low option from the drop-down list.
• Encryption: Select from optional or AES-128. You can also select Inherit from node to
use the node's settings.
• Encryption at rest: Required or optional. You can also select Inherit from node to use
the node's settings. If required, uploaded files must be encrypted during a transfer for
the purpose of protecting them while stored on a remote server. The uploader sets a
password before uploading the file, and then the downloader is required to enter that
same password to decrypt the protected file.
Activity: View and search for Shares activity by this user.
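The Security and Shares tabs above let login, admin and share rights reach a DS user from three levels (directory, DS group, user), with Disabled taking precedence. The following Python model is an added example, not part of the Shares product or its API, for auditing where each right comes from. The Principal class, the permission labels and the sample accounts are constructed, and it assumes that a disabled account also loses admin and share access.

```python
from dataclasses import dataclass, field


@dataclass
class Principal:
    """A directory, DS group or DS user with its Security-tab and Shares-tab settings."""
    name: str
    disabled: bool = False       # directory or user "Disabled" checkbox
    login: bool = False          # "Login" checkbox
    admin: bool = False          # "Admin" checkbox
    api_login: bool = False      # user only: allowed to log into the API
    shares: dict = field(default_factory=dict)  # share name -> set of permissions


def effective_access(directory, groups, user):
    """Resolve a DS user's access and record which level granted each right."""
    levels = [("directory", directory)]
    levels += [("group", g) for g in groups]
    levels.append(("user", user))
    # A disabled directory blocks every account in it; a disabled user stays
    # blocked even when a group or the directory grants login.
    blocked = directory.disabled or user.disabled
    login_from = [f"{kind}:{p.name}" for kind, p in levels if p.login]
    admin_from = [f"{kind}:{p.name}" for kind, p in levels if p.admin]
    grants = {}
    for kind, p in levels:
        for share, perms in p.shares.items():
            grants.setdefault(share, []).append({
                "from": f"{kind}:{p.name}",
                "perms": sorted(perms),
                "inherited": kind != "user",   # mirrors the "Inherited?" column
            })
    return {
        "user": user.name,
        "can_login": bool(login_from) and not blocked,
        "is_admin": bool(admin_from) and not blocked,  # assumption: disabled voids admin
        "login_from": login_from,
        "admin_from": admin_from,
        "shares": {} if blocked else grants,           # assumption: no access when disabled
    }


def findings(user, report):
    """Flag rights that reach the user through a broad grant rather than an explicit one."""
    out = []
    own = f"user:{user.name}"
    if report["is_admin"] and own not in report["admin_from"]:
        out.append(f"{user.name}: admin only via {', '.join(report['admin_from'])}")
    if report["can_login"] and any(s.startswith("directory:") for s in report["login_from"]):
        out.append(f"{user.name}: login is granted to the whole directory")
    for share, grants in report["shares"].items():
        perms = set().union(*(g["perms"] for g in grants))
        if user.api_login and "browse" not in perms:
            out.append(f"{user.name}: API login reaches '{share}' without browse permission")
    return out


# Constructed sample data; account names and permission labels are illustrative.
DIRECTORY = Principal("corp-ad", login=True, shares={"event-photos": {"browse"}})
ACCOUNTING = Principal(
    "accounting", shares={"Spreadsheets": {"browse", "download", "upload", "file_ops"}}
)
IT_OPS = Principal("it-ops", admin=True)
ALICE = Principal("alice")
BOB = Principal("bob", disabled=True)
CAROL = Principal("carol", api_login=True, shares={"marketing": {"download"}})
DAVE = Principal("dave")

if __name__ == "__main__":
    for user, groups in [(ALICE, [ACCOUNTING]), (BOB, [IT_OPS]), (CAROL, []), (DAVE, [IT_OPS])]:
        report = effective_access(DIRECTORY, groups, user)
        print(report["user"], report["can_login"], report["is_admin"], findings(user, report))
```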
Configuring Local Groups
Setting up Shares local groups.
Administrators can create Shares local groups, in which all users who belong to the group will have the same Shares
access permissions and will belong to the Local Database (rather than a directory service). To add a new local group,
log in to Shares and go to Admin > Accounts > Groups > New.
You will first be prompted to input the new local group's Name.
Once you create the local group under its new name, you will be directed to the Group screen, which displays the following
six tabs:
From this screen, you can configure specific settings for your new local group.
Tab Description
Detail: Update the local group's name, or delete the group from the Shares application.
Members: Add members to the local group by selecting local users from the drop-down list. Note that
you will only see local users who have been added to Shares (e.g. the Shares admin or other
users that you have set up through the Shares UI).
IMPORTANT NOTE: You will not be able to add DS users to a local group; only local
users. You may configure DS groups by going to the Shares Directories screen (viewable
via Admin > Accounts > Directories).
After adding a member to your local group, you may click the Edit link to modify the user's
settings or Remove to delete them from the group (but not from the Shares application).
When you click a user's Edit link, you will be taken to the individual user's configuration
page. Please refer to the topic Configuring Local Users for details on modifying a local user's
settings.
Security: This tab allows you to configure specific security settings for all members of the group,
including whether or not all members of the group can log into Shares, as well as whether all
members of the group are administrators.
• If you select (checkmark) Login, then all users in this group can log into Shares. If left
unchecked, you may give individual users access to log in.
• If you select (checkmark) Admin, then all users in this group have Administrative
permissions. If left unchecked, you may give individual users administrative access.
To configure users' security settings from their individual account pages, please refer to the
topic Configuring Local Users for details.
Shares: Click the Add Share link to authorize specific shares for the members of this group to access.
Upon doing so, you will be provided a list of nodes and shares that are currently configured in
your Shares application, along with an Authorize link.
After authorizing a share, you can modify the group's permissions for browsing, transferring
and performing file operations within it. Note that the default permission is browse only. To
edit these permissions or de-authorize the group's access to the share, click the edit link.
From here, select (checkmark) permissions that group members have for the authorized
share. For example, the video editors in our office example are allowed to browse, download
and upload video content; however, they cannot perform any file operations within the share.
After modifying your settings, click the Update button. You may de-authorize access to this
share by clicking Delete.
Transfer Settings: Implement transfer settings/restrictions specifically for members of this group. In doing so,
you will be overriding Shares' app-wide transfer settings just for this group. To configure
transfer settings just for this group, start by clicking the Override these settings button
(which will enable the input boxes).
Now, you can configure your own transfer settings for this group.
Transfer settings include the following:
• Upload target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the
node's settings.
• Upload target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Download target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use
the node's settings.
• Download target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Starting policy: Select the policy that will be enforced when the transfer starts, where
policies include fixed, high, fair and low. You can also select Inherit from node to use the
node's settings. If fixed, the transfer will utilize a fixed rate policy. Under this policy, the
transfer will transmit data at a rate equal to the target rate (although this may impact the
performance of other traffic present on the network). If fair, the transfer will utilize a fair
rate policy. Under this policy, the transfer will attempt to transmit data at a rate equal to the
target rate. If network conditions do not permit that to be achieved, it will transfer at a rate
lower than the target rate, but not less than the minimum rate.
• Allowed policy: Select the policies that are available to the user during the transfer. You
can also select Inherit from node to use the node's settings. For example, if the starting
policy is fair, then you may allow them to change between fair and low by selecting the
fair and low option from the drop-down list.
• Encryption: Select from optional or AES-128. You can also select Inherit from node to
use the node's settings.
• Encryption at rest: Required or optional. You can also select Inherit from node to use
the node's settings. If required, uploaded files must be encrypted during a transfer for
the purpose of protecting them while stored on a remote server. The uploader sets a
password before uploading the file, and then the downloader is required to enter that
same password to decrypt the protected file.
Click the Save button to keep your new settings. You may also click the Use Inherited
Settings button to return to the app-wide transfer configuration.
Activity: View and search for activity by members of this group.
Configuring Local Users
Setting up local Shares users.
Administrators can create Shares user accounts that will automatically be added to the local database (not a directory
service). For DS users, please refer to the topic Configuring DS within Shares. Once a local user is created, he or
she can be added to a local Shares group. To add a new local user, log in to Shares and go to Admin > Accounts >
Users > New.
You will be prompted to input the following details:
• First Name
• Last Name
• Username
• Email Address
• Initial Login action (you can either send a login link that takes the user to the set-password page, or set a temporary
password on the user's behalf).
Once you create a local user, you will be directed to the User screen, which displays seven tabs:
Tab Description
Detail: Update the local user's name, username and email address. You may also delete the local
user from the Shares application.
Member of: Add this user to a local group by selecting one from the drop-down list. You will only see local
groups that have been added to Shares (i.e. local groups that you have set up through the
Shares UI).
IMPORTANT NOTE: You will not be able to add local users to a DS group; only local
groups. For instructions on configuring DS users, see the topic Configuring DS within
Shares.
After adding a local user to a local group, you may click the Edit link to modify the group's
settings or Remove to delete them from the group (but not from the Shares application).
When you click the Edit link, you will be taken to the local group's configuration page. Please
refer to the topic Configuring Local Groups for details on modifying a local group's settings.
Security: Under the Security tab, you can update the following settings:
• Send the user a password reset link
• Disable the user's account. Note that if you disable this user's account on this screen, then
the user will not be able to log into Shares even if he or she belongs to a group that has
group access permissions.
• Explicitly allow the user to log into the Shares application.
• Explicitly make this user an Administrator.
• Allow the user to log into the API (which means that even if the user does not have
BROWSE permissions, he or she can still perform transfer and file operations).
• Set an account expiration date.
• Set a temporary password.
Shares: Click the Add Share link to authorize specific shares for the local user to access. Note that if
this user belongs to a local group, and the group has access to a share, then that share will
be listed here (i.e., permission to access the share is "inherited" from the group).
Upon doing so, you will be provided a list of nodes and shares that are currently configured in
your Shares application, along with an Authorize link.
After authorizing a share, you can modify the user's permissions for browsing, transferring
and performing file operations within it. Note that the default permission is browse only. If
browse is not selected, the user will only be able to access functions if he or she has been
made an API User (see Security tab description above). To edit these permissions or de-
authorize the user's access to the share, click the edit link.
From here, select (checkmark) permissions that the user has for the authorized share.
For example, the user in our office example is only allowed to download and browse the
marketing share; however, he cannot upload content or perform any file operations within the
share.
After modifying your settings, click the Update button. You may de-authorize access to this
share by clicking Delete.
Preferences: Select a timezone and input any comments.
Transfer Settings: Implement transfer settings/restrictions specifically for this user. In doing so, you will be overriding Shares' app-wide transfer settings and group settings (if the user belongs to a group).
Transfer settings include the following:
• Upload target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the
node's settings.
• Upload target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Download target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use
the node's settings.
• Download target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to
use the node's settings.
• Starting policy: Select the policy that will be enforced when the transfer starts, where
policies include fixed, high, fair and low. You can also select Inherit from node to use the
node's settings. If fixed, the transfer will utilize a fixed rate policy. Under this policy, the
transfer will transmit data at a rate equal to the target rate (although this may impact the
performance of other traffic present on the network). If fair, the transfer will utilize a fair
rate policy. Under this policy, the transfer will attempt to transmit data at a rate equal to the
target rate. If network conditions do not permit that to be achieved, it will transfer at a rate
lower than the target rate, but not less than the minimum rate.
• Allowed policy: Select the policies that are available to the user during the transfer. You
can also select Inherit from node to use the node's settings. For example, if the starting
policy is fair, then you may allow them to change between fair and low by selecting the
fair and low option from the drop-down list.
• Encryption: Select from optional or AES-128. You can also select Inherit from node to
use the node's settings.
• Encryption at rest: Required or optional. You can also select Inherit from node to use
the node's settings. If required, uploaded files must be encrypted during a transfer for
the purpose of protecting them while stored on a remote server. The uploader sets a
password before uploading the file, and then the downloader is required to enter that
same password to decrypt the protected file.
Activity: View and search for Shares activity by this user.
Using Shares
Includes node, share and search functionality.
Overview of Nodes, Shares and Users
Shares' node, share and authorization capabilities.
Before proceeding with an administrative function review, it's important to understand Shares' node, share and
authorization capabilities. The Shares application is capable of managing one or more “transfer nodes,” which can
be local or remote file systems, or EC2 instances with or without S3. These transfer nodes are accessed using the
Aspera “Node API,” which is activated by the Enterprise Server 3.0+ license. Note that if your node is intended for use
with S3, then your license must be S3-enabled. Each node can contain one or more "shares." A share is effectively a
directory on a node, which can be browsed, uploaded to, downloaded from, etc. Users can be authorized for any subset
of operations on a share, and can only view buttons for the operations that they are authorized to perform. Now, let's
take a closer look at administrative capabilities. Please refer to the table below.
Managing Nodes, Shares and Users
Administrative Capability Description
Node Administration:
• Nodes are only visible to administrators.
• All administrators have the same level of privileges for all nodes.
• Administrators can create, edit and delete nodes.
• The Shares application requires user authentication to access the node.
Share Administration:
• Only administrators can create, edit and delete shares.
• Only admins can change share authorizations (access control).
• All administrators have the same level of privileges for share administration for all shares.
Authorization:
• Only administrators can change share authorizations.
• Precedence:
  • Authorizations can be granted to users, groups and directory services.
  • Authorization at the user level takes precedence over the user's group and/or directory service authorization (if applicable).
  • In the absence of user-level authorization, a user is granted the “union” of all authorizations for the user's groups and directory services (if applicable).
• Administrators can view, edit and remove authorizations.
• Users can be authorized for any subset of the operations on a share, where operations include the following:
  • Browse
  • Upload
  • Download
  • Make directory
  • Delete directory or file
  • Rename
IMPORTANT NOTE: If a user is not granted “browse” access, but is allowed other operations,
then the user will not be able to access any controls through the UI.
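The precedence rules in the table above, worked through as an access-review helper. This is an added example, not part of the guide or of Shares itself; the dict-based data model, the short operation names (e.g. mkdir) and the sample accounts are assumptions constructed for illustration.

```python
# Added example: effective share permissions under the precedence rules above.
# The data model and every account, group and share name are constructed for
# illustration; Shares does not expose authorizations in this form.

OPERATIONS = frozenset(
    {"browse", "upload", "download", "mkdir", "delete", "rename"}
)


def effective_ops(user_auth, inherited_auths):
    """Return the operations a user holds on one share.

    user_auth: operations granted directly to the user, or None when the
        user has no user-level authorization on the share.
    inherited_auths: operation sets granted to the user's groups and
        directory services.
    """
    if user_auth is not None:
        # A user-level authorization takes precedence over anything
        # inherited, whether it is broader or narrower.
        return set(user_auth) & OPERATIONS
    merged = set()
    for ops in inherited_auths:
        merged |= set(ops)          # union of group / DS authorizations
    return merged & OPERATIONS


def review(account, share):
    """Summarise one account's access to one share for an access review."""
    if account.get("disabled"):
        # A disabled account cannot log in even if a group grants access.
        return {"ops": set(), "ui": False, "api": False,
                "flags": ["account disabled"]}
    flags = []
    inherited = [g[share] for g in account.get("groups", []) if share in g]
    user_auth = account.get("user_auth", {}).get(share)
    ops = effective_ops(user_auth, inherited)
    if user_auth is not None and inherited:
        union = set().union(*inherited)
        extra, hidden = ops - union, union - ops
        if extra:
            flags.append("user-level grant adds: " + ", ".join(sorted(extra)))
        if hidden:
            flags.append("user-level grant hides group ops: "
                         + ", ".join(sorted(hidden)))
    ui = "browse" in ops            # without browse, no UI controls
    # Assumption: an API user can perform only the operations authorized.
    api = bool(account.get("api_login")) and bool(ops)
    if ops and not ui:
        flags.append("no browse: API-only access" if api
                     else "no browse: operations unreachable from the UI")
    return {"ops": ops, "ui": ui, "api": api, "flags": flags}


# Constructed sample data.
MARKETING = {"marketing": {"browse", "download"}}
EDITORS = {"marketing": {"browse", "upload", "rename"}}
ACCOUNTS = {
    "alice": {"groups": [MARKETING, EDITORS]},
    "bob": {"groups": [MARKETING],
            "user_auth": {"marketing": {"browse", "upload", "delete"}}},
    "carol": {"groups": [EDITORS],
              "user_auth": {"marketing": {"upload"}}, "api_login": True},
    "dave": {"groups": [EDITORS], "disabled": True},
}

if __name__ == "__main__":
    for name, account in ACCOUNTS.items():
        result = review(account, "marketing")
        print(name, sorted(result["ops"]), result["flags"])
```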
Node Functions
Functions you can perform on a node.
Node Drop-down List
Once you have successfully created a node, it will appear under the NODES section on your Home page.
From here, you can perform multiple actions.
• Click the node's name to browse files on the node.
• Use the drop-down menu to the right of the node name to browse, edit, view shares, view admin activity or delete
the node.
These drop-down options are described in detail below.
Function Description
Browse node: Please refer to the section "Browsing a Node," below.
Edit: Select Edit from the drop-down list to the right of the node's name. From the node's Detail view, you can check the node's status by performing a test; verify its free space; and delete the node completely. You can also change the details that you provided during the configuration step (refer to "Node Configuration").
Shares: Select Shares from the drop-down list to the right of the node's name. This is also accessible from the node's Detail view (second tab). Here, you can view the name and directory for each of the node's shares, as well as edit each share. When you click Edit, you will be taken to the share's detail page, the functions of which are described in the topic "Share Functions".
Admin Activity: Select Admin Activity from the drop-down list to the right of the node's name. This is also accessible from the node's Detail view (third tab). You will see a list of all admin activity that has occurred on the selected node. You may also search for activity based on tagged events or a date range.
Delete: Select Delete from the drop-down list to the right of the node's name. This is also accessible from the node's Detail view (link at the bottom of the page). This function deletes the node from the Shares application.
Browsing a Node
When you browse a node, you will be able to see all directories that exist on that node.
You can also search for a directory name (using simple or advanced search) and sort the directory list. The following
buttons enable you to perform actions on a directory or directories.
• Bookmark: Create a shortcut to the selected (checkmarked) directory. If you do not check any directory, then the
bookmark will be the node's root directory.
• Download: Download the selected (checkmarked) directory or directories using the Aspera Connect browser
plugin.
• Upload: Upload a file or folder from another machine to this node using the Aspera Connect browser plugin.
• Delete: Delete the selected (checkmarked) directory or directories.
• New Folder: Create a new directory on the node.
• Rename: Rename an existing directory on the node.
• Create Share: Configure a new share for the selected directory (you can only select one directory at a time). Once
you click the Create Share button, you will be taken to the New Share page, which will be pre-populated with the
node and directory information. To complete the other fields, see the topic "Shares Configuration".
Share Functions
Functions you can perform within a Share (with the proper permissions).
Shares Drop-down List
Once you have successfully created a share, it will appear under the SHARES section on your Home page.
From here, you can perform multiple actions.
• Click the share's name to browse files on the share.
• Use the drop-down menu to the right of the share name to browse, view activity, make comments, edit, view
authorizations, view admin activity or delete the share.
These drop-down options are described in detail below.
Function Description
Browse share: Please refer to the section "Browsing a Share," below.
Activity: Select Activity from the drop-down list to the right of the share's name. You will see a list of all activity that has occurred on the selected share. You may also search for activity based on tagged events or a date range.
Comments: You can see, edit or delete any comments that have been made about the share. You can also add your own comments.
Edit: Select Edit from the drop-down list to the right of the share's name. From the share's Detail view, you can check the share's status by performing a test; verify its free space; and delete the share completely. You can also change the details that you provided during the configuration step (refer to Share Configuration on page 29).
Authorizations: Select Authorizations from the drop-down list to the right of the share's name. This is also accessible from the share's Detail view (second tab). Here, you can add, delete and change authorizations for this share. You may authorize users, groups and directories by clicking the respective links.
Admin Activity: Select Admin Activity from the drop-down list to the right of the share's name. This is also accessible from the share's Detail view (third tab). You will see a list of all admin activity that has occurred on the selected share. You may also search for activity based on tagged events or a date range.
Delete: Select Delete from the drop-down list to the right of the share's name. This is also accessible from the share's Detail view (link at the bottom of the page). This function deletes the share from the node within the Shares application.
Browsing a Share
When you browse a share, you will be able to see all files/directories within that share.
You can also search for a directory name (using simple or advanced search) and sort the directory list. The following
buttons enable you to perform actions on a directory or directories:
• Bookmark: Create a shortcut to the selected (checkmarked) directory. If you do not check any directory, then the
bookmark will be the share's root directory.
• Download: Download the selected (checkmarked) directory or directories using the Aspera Connect browser
plugin.
• Upload: Upload a file or folder from another machine to this share using the Aspera Connect browser plugin.
• Delete: Delete the selected (checkmarked) directory or directories.
• New Folder: Create a new directory on the share.
• Rename: Rename an existing directory on the share.
• Create Share: Configure a new share for the selected directory (you can only select one directory at a time). Once
you click the Create Share button, you will be taken to the New Share page, which will be pre-populated with the
node and directory information. To complete the other fields, see the topic Share Configuration on page 29.
Search Functionality
Simple and advanced search features.
Within a Node, Share or your Accounts list (i.e. directories, groups and users), you can perform a keyword search.
Simple and Advanced Search for Shares and Nodes
Select a share or a node on your Home page, and then within the Name: box, input a keyword for your search. You
can also enable/disable the Search sub-folders option. Note that Shares appends any keyword that you enter with *.
Thus, if you enter the keyword "Dec", then the search will actually be performed as "*Dec*" and Shares will return any
string that contains this word.
To perform a keyword search and limit the number of results, use Advanced search. You can set the following filters:
• Size (minimum and/or maximum values). You can include the unit of measure as bytes, MB or GB.
• Last Modified (from date and/or to date). Select a date from the pop-up calendar.
Simple Search for Accounts (Directories, Groups and Users)
From the Admin tab, select Directories, Groups or Users (depending on what account type you would like to search
for). You will be prompted to input at least two characters for your search query.
Shares Administration
Administrative features for configured nodes, shares and users.
Monitoring
Monitoring activity, background jobs, and errors/warnings.
From the Admin menu, the following monitoring capabilities are available from the left-hand navigation menu:
• Activity
• Background Jobs
• Errors and Warnings
Activity
After clicking the Activity link, you can view all activity that has occurred on your Shares server. Reported activity
includes the following:
• Created nodes and shares
• Log ins
• File deletion
• Node status
Note that each reported activity event is accompanied by a tag. You can click the tag to find related activities.
You may also perform an activity event search. Click the Search link and enter the requisite information.
Background Jobs
To view, start and/or delete background jobs that are running on your Shares server, click the Background Jobs link.
Errors and Warnings
To view and/or search for errors and warnings that have occurred on your Shares server, click the Errors and
Warnings link.
Email
Configuring Shares email capabilities (SMTP, templates and variables).
From the Email menu, the following capabilities are available:
• Templates
• Variables
• SMTP
Templates
Shares comes pre-configured with notification templates, which are accessible via the Templates link. To view and/or
edit a template, click its hyperlinked name. When editing a template, you can configure both an HTML and plain-text
version, as well as insert Variables. If you would like to create a new template, you can easily do so by copying a pre-
configured template, and editing it as needed.
Variables
To create and/or edit variables to be inserted into your notification templates, click the Variables link. When creating or
editing a variable, you can configure both an HTML and plain-text version.
SMTP
To input your server's SMTP settings, select the SMTP option and complete the form, which requests the following
information:
• Server: SMTP server address
• Port: SMTP port
• Domain: Domain name
• Use TLS if available: Aspera highly recommends turning this setting on to secure your email server.
• Username: Email username
• Password: Email password
• From: The "From" email address, which you are required to set.
To debug your SMTP server settings, click Send Test Email. Once you have configured your SMTP server, you
can return to this page to view all Shares activity related to it (via the Activity tab). Each reported activity event is
accompanied by a tag. You can click the tag to find related activities.
You may also perform an activity event search. Click the Search link and enter the requisite information.
Security
System-wide security settings.
Your user security configuration is critical to maintaining a secure Shares server. Under the Security link, you can set
the following options:
• Session timeout: Log users out after this many minutes of inactivity (1-480 minutes).
• Require strong passwords: Require passwords to be at least 8 characters and contain at least one uppercase
letter, lowercase letter, number and symbol.
• Password expiration interval: Number of days before a user must change his/her password (1-720 or blank).
• Failed login count: Number of failed logins within the Failed login interval that will cause the account to be locked (1-20).
• Failed login interval: Number of minutes within which Failed Login Count results in account being locked (1-60).
• Self registration: Determines if non-users can create or request user accounts. Choose between none (not
allowed), moderated (you must approve the account before it is created), and unmoderated (once a user
registers, his or her account will be automatically created). If you allow self-registration, the moderated setting is
recommended for security.
MODERATED SELF-REGISTRATION NOTE: If users are allowed to self-register, then they will see a Request an
Account link on the login page. After a user clicks this link and completes the form, you (as the administrator) will be
prompted under Admin > Accounts > Self Registration to Approve, Deny or Delete his or her account. You may
also perform a status search for "New" accounts.
Other Settings
Miscellaneous administrative settings.
The following configuration options are available under the Other menu on the Admin page:
• Background
• License
• Localization
• Logging
• Logos
• Messages
• Transfers
• Web Server
Background
Modify and/or reset the parameters (e.g. frequency, storage, etc.) that Shares checks when running background jobs.
License
View and/or change your Shares license.
Localization
Configure your Shares server with your local timezone, date format and time format.
Logging
Configure whether logged events trigger a warning or an error.
Logos
Add, edit or delete a custom logo for your Shares Web UI.
Messages
Create a login page message for your users, as well as a home page (after being logged in) message.
Transfers
Configure your transfer settings, which include the following:
• Min connect version: This is the minimum version of the Aspera Connect browser plugin that can be used to
transfer with Shares. Must be in the form "X.Y" (e.g. 1, 1.2, 1.2.3, or 1.2.3.4).
• Upload target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the node's settings.
• Upload target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the node's settings.
• Download target rate: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the node's settings.
• Download target rate cap: For example, 1.5 Gbps, 500Mbps, 10 K, 3000. Leave blank to use the node's settings.
• Starting policy: Select the policy that will be enforced when the transfer starts, where policies include fixed, high,
fair and low. You can also select Inherit from node to use the node's settings. If fixed, the transfer will utilize a
fixed rate policy. Under this policy, the transfer will transmit data at a rate equal to the target rate (although this may
impact the performance of other traffic present on the network). If fair, the transfer will utilize a fair rate policy. Under
this policy, the transfer will attempt to transmit data at a rate equal to the target rate. If network conditions do not
permit that to be achieved, it will transfer at a rate lower than the target rate, but not less than the minimum rate.
• Allowed policy: Select the policies that are available to the user during the transfer. You can also select Inherit
from node to use the node's settings. For example, if the starting policy is fair, then you may allow them to change
between fair and low by selecting the fair and low option from the drop-down list.
• Encryption: Select from optional or AES-128. You can also select Inherit from node to use the node's settings.
• Encryption at rest: Required or optional. You can also select Inherit from node to use the node's settings. If
required, uploaded files must be encrypted during a transfer for the purpose of protecting them while stored on a
remote server. The uploader sets a password before uploading the file, and then the downloader is required to enter
that same password to decrypt the protected file.
Web Server
Configure your web server settings, including the host, port and whether or not SSL/TLS is enabled. Note that the
hostname (or IP address) inputted into the Host field will be used as part of the URL in Shares' emails to users. For
example, when an account is created for a user, that user will receive an email prompting him or her to reset the
password. This email contains a URL that points to whatever hostname or IP address is put in into the Host field.
Appendix
aspera.conf for Nodes
Editing aspera.conf for your Enterprise Server node configuration.
The following section has been added to the aspera.conf file for configuring your node machine(s). The aspera.conf
file can be found in the following location:
OS Version File Location
32-bit Windows C:\Program Files\Aspera\Enterprise Server\etc\aspera.conf
64-bit Windows C:\Program Files (x86)\Aspera\Enterprise Server\etc\aspera.conf
IMPORTANT NOTE: Most of the settings shown below require that you restart the asperanoded service if you
change their values. To restart the asperanoded service, run the following command(s):
Windows 32-bit
C:\Program Files\Aspera\Enterprise Server\bin> sc stop asperanoded
C:\Program Files\Aspera\Enterprise Server\bin> sc start asperanoded
Windows 64-bit
C:\Program Files (x86)\Aspera\Enterprise Server\bin> sc stop asperanoded
C:\Program Files (x86)\Aspera\Enterprise Server\bin> sc start asperanoded
<server>
  <server_name>            <!-- hostname or IP address -->
    your_hostname
  </server_name>
  <http_port>              <!-- integer (1 - 65535) -->
    9091
  </http_port>
  <https_port>             <!-- integer (1 - 65535) -->
    9092
  </https_port>
  <enable_http>            <!-- true | false -->
    false
  </enable_http>
  <enable_https>           <!-- true | false -->
    true
  </enable_https>
  <cert_file>              <!-- full pathname; .chain file same /path/filename -->
    /opt/aspera/etc/aspera_server_cert.pem
  </cert_file>
  <max_response_entries>   <!-- max # of entries to return in a response -->
    1000
  </max_response_entries>
  <max_response_time_sec>  <!-- max amount of time to wait for a long-running operation -->
    10
  </max_response_time_sec>
  <db_dir>                 <!-- path to directory, where the DB file will be saved -->
    /opt/aspera/var
  </db_dir>
  <db_port>                <!-- integer (1 - 65535) -->
    31415
  </db_port>
</server>
Setting: Server name
Description: Hostname or IP address. Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: The hostname of the system
Setting: HTTP Port
Description: HTTP service port. Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: 9091
Setting: HTTPS Port
Description: HTTPS service port. Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: 9092
Setting: Enable HTTP
Description: Enable HTTP for the Node API services. Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: false
Setting: Enable HTTPS
Description: Enable HTTPS for the Node API services. Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: true
Setting: Cert File
Description: Full pathname of SSL certificate (.pem and existing support for .chain). Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: C:\Program Files OR Program Files (x86)\Aspera\Enterprise Server\bin\aspera_server_cert.pem
Setting: Maximum response entries
Description: Maximum number of entries to return in a response. For this setting, you can perform a reload operation using asnodeadmin (which takes several seconds). The command is asnodeadmin.exe --reload.
Default Value: 1000
Setting: Maximum response time in seconds
Description: Maximum amount of time to wait for a long-running operation. For this setting, you can perform a reload operation using asnodeadmin (which takes several seconds). The command is asnodeadmin.exe --reload.
Default Value: 10
Setting: DB directory
Description: Path to the directory where the database file is saved. Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: C:\Program Files OR Program Files (x86)\Aspera\Enterprise Server\var
Setting: DB port
Description: Database service port. Note that you must RESTART the asperanoded service (not reload), as per the instructions above, to implement any changes to this setting.
Default Value: 31415
aspera.conf for S3
The example below displays how aspera.conf should be modified for AWS S3 transfers. Note that you must meet the
following prerequisites before modifying aspera.conf:
• You (i.e. your username) have permissions to access the S3 bucket.
• You know your username's S3 Access ID and Secret Key.
<?xml version='1.0' encoding='UTF-8'?>
<CONF version="2">
  <server>
    <server_name>aspera.example.com</server_name>
  </server>
  <aaa>
    <realms><realm><users>
      <user>
        <name>UserName</name>
        <authorization>
          <transfer>
            <in>
              <value>token</value>
            </in>
            <out>
              <value>token</value>
            </out>
          </transfer>
          <token>
            <encryption_key>YourSuperSecretKey</encryption_key>
          </token>
        </authorization>
        <file_system>
          <access>
            <paths>
              <path>
                <absolute></absolute>
                <read_allowed>true</read_allowed>   <!-- Read Allowed: boolean true or false -->
                <write_allowed>true</write_allowed> <!-- Write Allowed: boolean true or false -->
                <dir_allowed>true</dir_allowed>     <!-- Browse Allowed: boolean true or false -->
                <restrictions>                      <!-- File access restrictions. Multiple entries are allowed. -->
                  <restriction>s3://*</restriction>
                  <restriction>!azu://*</restriction>
                </restrictions>
              </path>
            </paths>
          </access>
        </file_system>
      </user>
    </users></realm></realms>
  </aaa>
</CONF>
Docroot Restrictions for URI Paths
IMPORTANT NOTE: A configuration with both a docroot absolute path (docrooted user) and a restriction is not
supported.
The primary purpose of restrictions is to allow access to special storage (Amazon S3, Azure, etc.) for clients who have
their own storage credentials, as opposed to special storage docroots. Instead of using docroots in aspera.conf we
use a docroot restriction.
Configuration:
<paths>
  <path>
    <restrictions>
      <restriction>s3://*</restriction>
      <restriction>!azu://*</restriction> <!-- The ! forbids azu:// access. -->
    </restrictions>
  </path>
</paths>
Restrictions can also be put in the default section, once for all users.
Functionality:
A docroot restriction limits the files a client is allowed to access (browse and transfer). Files are rejected unless they
match the restrictions (if any are present). Restrictions work for URI paths (e.g. s3://*) and are processed in the
following order:
1. If a restriction starts with "!", any files that match the rest of the wildcard template are rejected at that point.
2. If a restriction does not start with a "!", then any file that matches is kept.
3. If any non-"!" restrictions exist, and the file does not match any of them, the file is rejected.
4. Files that fail restrictions during directory iteration are ignored as if they didn't exist.
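The processing order above, together with the unsupported docroot-plus-restriction combination, as a small audit script. This is an added example, not code from the guide or from Aspera; it assumes that entries are checked top to bottom with the first matching entry deciding, that "*" behaves like a shell-style wildcard, and all user names, buckets and paths are constructed.

```python
# Added example (not from the guide): audit aspera.conf docroot restrictions.
# Assumptions: entries are checked top to bottom, the first entry that matches
# decides, and "*" behaves like the shell-style wildcard in Python's fnmatch.
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed configuration; user names, bucket names and paths are made up.
SAMPLE_CONF = """<CONF version="2">
  <aaa><realms><realm><users>
    <user>
      <name>s3_user</name>
      <file_system><access><paths><path>
        <absolute></absolute>
        <restrictions>
          <restriction>!s3://*/private/*</restriction>
          <restriction>s3://*</restriction>
          <restriction>!azu://*</restriction>
        </restrictions>
      </path></paths></access></file_system>
    </user>
    <user>
      <name>mixed_user</name>
      <file_system><access><paths><path>
        <absolute>/data/mixed</absolute>
        <restrictions>
          <restriction>s3://*</restriction>
        </restrictions>
      </path></paths></access></file_system>
    </user>
  </users></realm></realms></aaa>
</CONF>
"""

# Constructed probe URIs used to exercise each rule.
PROBES = [
    "s3://bucket/reports/q1.csv",
    "s3://bucket/private/key.pem",
    "azu://container/blob",
    "/var/log/app.log",
]


def load_paths(conf_xml):
    """Map each user name to a list of (docroot, restrictions) per <path>."""
    users = {}
    for user in ET.fromstring(conf_xml).iter("user"):
        name = (user.findtext("name") or "").strip()
        for path in user.iter("path"):
            docroot = (path.findtext("absolute") or "").strip()
            rules = [r.text.strip() for r in path.iter("restriction")
                     if r.text and r.text.strip()]
            users.setdefault(name, []).append((docroot, rules))
    return users


def is_allowed(uri, restrictions):
    """Apply the processing order to one file URI."""
    has_positive = False
    for rule in restrictions:
        if rule.startswith("!"):
            if fnmatchcase(uri, rule[1:]):
                return False      # step 1: rejected at that point
        else:
            has_positive = True
            if fnmatchcase(uri, rule):
                return True       # step 2: kept
    # Step 3: with positive entries present, an unmatched file is rejected.
    # With no restrictions, or only "!" entries, nothing rejected it.
    return not has_positive


def visible(listing, restrictions):
    """Step 4: entries that fail are dropped from a directory listing."""
    return [uri for uri in listing if is_allowed(uri, restrictions)]


def audit(conf_xml, probes):
    """Return (findings, per-user decisions for each probe URI)."""
    findings, decisions = [], {}
    for name, entries in load_paths(conf_xml).items():
        for docroot, rules in entries:
            if docroot and rules:
                findings.append(
                    name + ": docroot and restrictions both set (unsupported)")
            decisions.setdefault(name, []).append(
                {uri: is_allowed(uri, rules) for uri in probes})
    return findings, decisions


if __name__ == "__main__":
    found, decided = audit(SAMPLE_CONF, PROBES)
    for line in found:
        print("FINDING", line)
    for user, per_path in decided.items():
        for verdicts in per_path:
            for uri, ok in verdicts.items():
                print(user, "allow" if ok else "reject", uri)
```

Under the first-match assumption, a "!" entry placed after a broader positive entry never takes effect, so exclusions belong before the entries they carve out of. Confirm the actual evaluation order against a test node before relying on it.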
Setting up SSL for your Node(s)
Communicating with Aspera Node(s) over HTTPS
The Aspera Node API provides an HTTPS interface for encrypted communication between node machines (on Port
9092, by default). For example, if you are running the Faspex Web UI or the Shares Web UI on Machine A, you can
encrypt the connection (using SSL) with your transfer server or file-storage node on Machine B. Enterprise Server
nodes are pre-configured to use Aspera's default, self-signed certificate (aspera_server_cert.pem), located in the
following directory:
• (Windows 32-bit) C:\Program Files\Aspera\Enterprise Server\etc
• (Windows 64-bit) C:\Program Files (x86)\Aspera\Enterprise Server\etc
To generate a new certificate, follow the instructions below.
ABOUT PEM FILES: The PEM certificate format is commonly issued by Certificate Authorities. PEM certificates
have extensions that include .pem, .crt, .cer, and .key, and are Base-64 encoded ASCII files containing "-----BEGIN
CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and
private keys can all be put into the PEM format.
1. Create a working directory
In a Command Prompt window (Start menu > All Programs > Accessories > Command Prompt), create a new
working directory as follows:
> cd c:\
> mkdir ssl
> cd c:\ssl
2. Copy openssl.cnf to your working directory
Enter the following commands in your Command Prompt window:
OS Version Commands
32-bit Windows:
> copy "c:\Program Files\Common Files\Aspera\common\apache\conf\openssl.cnf" "c:\ssl\"
> cd c:\ssl
64-bit Windows:
> copy "c:\Program Files (x86)\Common Files\Aspera\common\apache\conf\openssl.cnf" "c:\ssl\"
> cd c:\ssl
3. Enter the OpenSSL command to generate your Private Key and Certificate Signing Request
In this step, you will generate an RSA Private Key and CSR using OpenSSL. In a Command Prompt window,
enter the following command (where my_key_name.key is the name of the unique key that you are creating and
my_csr_name.csr is the name of your CSR):
> openssl req -config "c:\ssl\openssl.cnf" -new -nodes -keyout my_key_name.key -out my_csr_name.csr
Note that in the example above, the .key and .csr files will be written to the c:\ssl\ directory.
4. Enter your X.509 certificate attributes
After entering the command in the previous step, you will be prompted to input several pieces of information, which
are the certificate's X.509 attributes.
IMPORTANT NOTE: The common name field must be filled in with the fully qualified domain name of the server to
be protected by SSL. If you are generating a certificate for an organization outside of the US, please refer to the
link http://www.iso.org/iso/english_country_names_and_code_elements for a list of 2-letter, ISO country codes.
Generating a 1024 bit RSA private key
....................++++++
................++++++
writing new private key to 'my_key_name.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:Your_2_letter_ISO_country_code
State or Province Name (full name) [Some-State]:Your_State_Province_or_County
Locality Name (eg, city) []:Your_City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your_Company
Organizational Unit Name (eg, section) []:Your_Department
Common Name (i.e., your server's hostname) []:secure.yourwebsite.com
Email Address []:[email protected]
You will also be prompted to input "extra" attributes, including an optional challenge password. Please note that
manually entering a challenge password when starting the server can be problematic in some situations (e.g., when
starting the server from the system boot scripts). You can skip inputting a challenge password by pressing the Enter
key.
...
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
After finalizing the attributes, the private key and CSR will be saved to your root directory.
IMPORTANT NOTE: If you make a mistake when running the OpenSSL command, you may discard the generated
files and run the command again. After successfully generating your key and Certificate Signing Request, be sure to
guard your private key, as it cannot be re-generated.
5. Send CSR to your signing authority
You now need to send your unsigned CSR to a Certifying Authority (CA). Once completed, you will have a valid,
signed certificate.
IMPORTANT NOTE: Some Certificate Authorities provide a Certificate Signing Request generation tool on their
Website. Please check with your CA for additional information.
6. (Optional) Generate a Self-Signed Certificate.
At this point, you may need to generate a self-signed certificate because:
• You don't plan on having your certificate signed by a CA
• Or you wish to test your new SSL implementation while the CA is signing your certificate
You may also generate a self-signed certificate through OpenSSL. To generate a temporary certificate (which is
good for 365 days), issue the following command:
openssl x509 -req -days 365 -in my_csr_name.csr -signkey my_key_name.key -out my_cert_name.crt
7. Create the PEM file.
After generating a new certificate, you must create a PEM file that contains both the private key and the
certificate. To do so, copy and paste the entire body of the key and cert files into a single text file and save
the file as aspera_server_cert.pem (before overwriting, be sure to back up the existing PEM file as
aspera_server_cert.old), in the following directory:
• (Windows 32-bit) C:\Program Files\Aspera\Enterprise Server\etc
• (Windows 64-bit) C:\Program Files (x86)\Aspera\Enterprise Server\etc
8. Restart the node service.
You must restart (not reload) the Aspera node service after generating a new certificate. To do so, run the following
command(s):
Windows 32-bit
C:\Program Files\Aspera\Enterprise Server\bin> sc stop asperanoded
C:\Program Files\Aspera\Enterprise Server\bin> sc start asperanoded
Windows 64-bit
C:\Program Files (x86)\Aspera\Enterprise Server\bin> sc stop asperanoded
C:\Program Files (x86)\Aspera\Enterprise Server\bin> sc start asperanoded
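The following PowerShell script is an added example, not part of the Aspera guide or Aspera's tooling. It carries out steps 7 and 8 and adds two checks that the copy-and-paste approach skips: that the certificate matches the private key, and how large the key is (the sample output in step 4 shows a 1024-bit key). It assumes openssl is on the PATH, the file names used in steps 3 and 6, the 32-bit install path, and a 2048-bit warning threshold chosen for this example.

```powershell
# Added example, not Aspera tooling. Run from an elevated PowerShell prompt.
# Assumed: openssl on PATH; file names from steps 3 and 6 in c:\ssl; the
# 32-bit path from step 7 (use "C:\Program Files (x86)" on 64-bit Windows).
$Key     = 'c:\ssl\my_key_name.key'
$Cert    = 'c:\ssl\my_cert_name.crt'
$EtcDir  = 'C:\Program Files\Aspera\Enterprise Server\etc'
$Pem     = Join-Path $EtcDir 'aspera_server_cert.pem'
$Old     = Join-Path $EtcDir 'aspera_server_cert.old'
$MinBits = 2048   # threshold chosen for this example, not stated in the guide

function Invoke-OpenSsl {
    # Run openssl with the given arguments; stop if it reports failure.
    $out = & openssl @args
    if ($LASTEXITCODE -ne 0) { throw "openssl $($args -join ' ') failed" }
    ($out | Out-String).Trim()
}

# 1. Report the key size (the sample output in step 4 shows 1024 bits).
$text = Invoke-OpenSsl rsa -in $Key -noout -text
if ($text -notmatch 'Private-Key: \((\d+) bit') { throw 'Cannot read key size' }
$bits = [int]$Matches[1]
if ($bits -lt $MinBits) { Write-Warning "RSA key is only $bits bits" }

# 2. The certificate must carry the public half of this private key:
#    both commands print "Modulus=<hex>", and the two must be identical.
$keyMod  = Invoke-OpenSsl rsa  -in $Key  -noout -modulus
$certMod = Invoke-OpenSsl x509 -in $Cert -noout -modulus
if ($keyMod -ne $certMod) { throw 'Certificate does not match private key' }

# 3. Back up the existing PEM file before overwriting it (step 7).
if (Test-Path $Pem) { Copy-Item $Pem $Old -Force }

# 4. Write key + certificate as plain ASCII. Windows PowerShell's ">"
#    redirection writes UTF-16, which OpenSSL cannot parse as PEM.
$body = [IO.File]::ReadAllText($Key).TrimEnd() + "`r`n" +
        [IO.File]::ReadAllText($Cert).TrimEnd() + "`r`n"
[IO.File]::WriteAllText($Pem, $body, [Text.Encoding]::ASCII)

# 5. Confirm both blocks can be read back from the combined file.
Invoke-OpenSsl rsa  -in $Pem -noout -check | Out-Null
Invoke-OpenSsl x509 -in $Pem -noout -subject -enddate

# 6. Restart the node service (step 8). In PowerShell "sc" is an alias for
#    Set-Content, so use Restart-Service (or sc.exe) rather than "sc".
Restart-Service -Name asperanoded
```

The key size is taken from the default_bits setting in the [req] section of openssl.cnf, so a warning from check 1 is resolved by raising that value and repeating step 3.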
Backup Shares
Instructions on backing up Shares and its database.
To back up your Shares web application and accompanying database, follow the instructions below.
IMPORTANT NOTE: The file database.yml must be backed up manually. This file can be found in the directory
C:\shares\www\config\.
1. Create a backup directory.
You must create a backup directory before proceeding to the next step. To do so, run the following command in a
command prompt:
> mkdir C:\backups
2. Run the backup command (in the context of the gem bundle).
To create your Shares backup, run the following commands in a command prompt:
> cd C:\shares\www
> bundle exec rake backup DIR=C:\backups
This will create a date-stamped file under your Shares backup directory. For example:
C:\backups\20120228142934
Lastly, copy this file to your backup machine.
Restore Shares
Instructions on restoring Shares and its database to a new machine.
To restore your Shares web application and accompanying database ON A NEW MACHINE (i.e. your backup server),
follow the instructions below.
IMPORTANT NOTE: These instructions assume that you have already performed the backup steps described in the
topic "Backup Shares."
1. Ensure that your Shares backup is available.
Verify that you have copied the Shares backup file to your new machine (see backup steps).
2. Follow the Shares installation instructions.
Install Aspera Shares on your backup server by following the instructions detailed in this manual's Installation
Chapter.
WARNING! Ensure that the Shares version you are installing (the downloaded installer's version number) matches
that of your backup version. Do not attempt to install a new version of Shares and restore an older version from your
backup.
3. Stop Shares services.
You may stop Shares services within the Computer Management window, which is accessible via Manage >
Services and Applications > Services.
The following services should be stopped:
• Aspera Nginx Service
• Aspera Delayed Job Service
• Aspera Web Services
4. Update database.yml.
Replace database.yml with the version of database.yml that you manually saved during the backup process.
5. Run the restore command.
To restore Shares, run the following command in a command prompt. In this example:
• E:\aspera-shares-restore is the directory on the new server in which the backup file is stored.
• 20120228142934 is the backup file's name.
> cd C:\shares\www
> bundle exec rake restore DIR=E:\aspera-shares-restore\20120228142934
6. Start Shares services.
You may start Shares services within the Computer Management window, which is accessible via Manage >
Services and Applications > Services.
The following services should be started:
• Aspera Nginx Service
• Aspera Delayed Job Service
• Aspera Web Services
Uninstall Shares
Instructions for uninstalling Shares from your system.
To remove Shares from your system, you must first stop its services from a command prompt.
> cd C:\shares\www\script\windows
> shares_uninstaller.bat
Then, uninstall the Shares application and MySQL from Control Panel > Add/Remove Programs or Control Panel
> Uninstall a Program (depends on your Windows version).
Technical Support
For further assistance, you may contact us through the following methods:
Contact Info
Email | [email protected]
Phone | +1 (510) 849-2386
Request Form | http://support.asperasoft.com/home
The technical support service hours:
Support Type | Hour (Pacific Standard Time, GMT-8)
Standard | 8:00am – 6:00pm
Premium | 8:00am – 12:00am
We are closed on the following days:
Support Unavailable | Dates
Weekends | Saturday, Sunday
Aspera Holidays | Please refer to our Website.
Feedback
The Aspera Technical Publications department wants to hear from you on how Aspera's user manuals can be
improved. To submit feedback about this manual, or any other Aspera product document, please visit the Aspera
Product Documentation Feedback Forum.
Through this forum, you can let us know if you find content that isn't clear or appears incorrect. We also invite you to
submit ideas for new topics, as well as ways that we can improve the documentation to make it easier for you to read
and implement. When visiting the Aspera Product Documentation Feedback Forum, please remember the following:
• You must be registered to use the Aspera Support Website at https://support.asperasoft.com/.
• Be sure to read the forum guidelines before submitting a request.
Legal Notice
© 2012 Aspera, Inc. All rights reserved.
Aspera, the Aspera logo, and fasp transfer technology, are trademarks of Aspera Inc., registered in the United States.
Aspera Connect Server, Aspera Enterprise Server, Aspera Point-to-Point, Aspera Client, Aspera Connect, Aspera
Cargo, Aspera Console, Aspera Orchestrator, Aspera Crypt, Aspera Shares, the Aspera Add-in for Microsoft Outlook,
and Aspera faspex are trademarks of Aspera, Inc. All other trademarks mentioned in this document are the property
of their respective owners. Mention of third-party products in this document is for informational purposes only. All
understandings, agreements or warranties, if any, take place directly between the vendors and the prospective users.