What is IBM Aspera Transfer Endpoint?
The Transfer Endpoint is an Aspera transfer application. It is intended to be an application used by a single user, with additional buit-in limited server capabilities for two authenticated transfer users. It was previously called Aspera Point-to-Point. Please see here for more information.
How is the Transfer Endpoint normally deployed?
Typical deployments are:
– Remote endpoints for push of data from a central location. Example: Automated "push" file transfers from a central Data Center to smaller remote locations worldwide:
- Push and pull transfers between two fixed locations. Often automated transfers between
locations, using watch folders:
- Transfer endpoint for a small remote location such as a branch office:
- Using Transfer Endpoint with Aspera Sync for high-speed, large-volume automated file synchronization between two fixed locations:
What are the main differences between the Transfer Server and the Transfer Endpoint?
|TRANSFER SERVER||TRANSFER ENDPOINT|
|Number of transfer users allowed||Unlimited||2*|
Full AD/LDAP support
AD/LDAP groups not supported
|Share Connections||Share with all users||Connections sharing not allowed|
|Share SSH keys||Share with all users||SSH private key sharing not allowed|
|Transfer with Connect browser plugin||Supported||Not supported|
|Use with Aspera client applications: Drive, Client, Mobile, Cargo, Outlook Plug-in||Supported||Aspera Client and Aspera Drive supported|
|Transfer direct to object storage||Supported||Not supported|
|Video and data streaming||Supported*||Supported*|
|High Availability||Supported: Main + cluster node licensing||No cluster licensing offered, but licensing two Transfer Endpoints to achieve HA is possible|
|Initiate connections to other Transfer Servers or Transfer Endpoints||Supported||Supported (but pre-defined connection details cannot be shared, see below)|
* The 2nd transfer user is intended for management only. If added to Aspera Console as a Managed Node as
the endpoint type "SSH" to support remote/centralized configuration from Console this consumes 1 transfer user.
Please note that some of the features specified above may be subject to additional licensing.
* Video streaming uses separate licensing
"Transfer users" explained
A transfer user can equally be defined as a "user login that does transfers".
The transfer user is required for another Aspera transfer application to log in to it. Once you are logged in (authenticated) you can initiate a file transfer or stream, in either direction.
A transfer user is a system user that is enabled for Aspera transfers. The transfer user is normally
pointed to a document root, which contains the files associated with the user. The document root
is a "jail", which means once you are logged in you can only access your designated document root directory and any subdirectories within it.
Example: If your document root is set as C:\data on Windows, you will only be able to access C:\data and any folders beneath C:\data. You will not be able to access C:\.
The transfer user is not used when you connect outbound from your Transfer Endpoint to another Aspera location. The transfer user is only used for Aspera locations connecting to your Transfer Endpoint. The transfer user is authenticated with a username/password, or public/private SSH key.
When you want someone to connect to your Transfer Endpoint, you must create a transfer user
for them and provide the login details for the user.
Transfer Endpoint allows you to initiate an Aspera connection to do a transfer to any other Transfer Endpoint or Transfer Server. To initiate (set up) a connection you will need to know the transfer user login details of the remote Aspera endpoint. From your Transfer Endpoint you then connect to establish the connection with the remote endpoint. Once the connection is established you will be able to upload or download files, or if you are licensed for it, transport a video or data stream in either direction.
Once you are connected you are free to start a transfer or stream in either direction. What is important is who initiates the connection. Why is this so important? Because if someone wants to set up/initiate a connection to your Transfer Endpoint, they will need a transfer user to log in with.
Since you only have 2 transfer users that can be provided - and 1 transfer user may be used for management with Aspera Console - you are effectively left with a single transfer user/login that can be used with your Transfer Endpoint.
Why Transfer Users can't be used by more than one person
Example: When you log in to the Transfer Endpoint with a transfer user you are able to access all the files placed in the document root "C:\data" of your transfer user. The document root is the directory/folder designated to the transfer user. The user can only access the document root directory and any subdirectories. Example: C:\ will be inaccessible but C:\data and C:\data\A will be accessible.
When someone logs in to a Transfer Server or a Transfer Endpoint with their transfer user, all transfers are run as the logged-in user. Example: You log in as user "bob" and upload a file. The file will now be owned by the user "bob" on the file system.
Let's say you have created the transfer user "bob" in Transfer Endpoint. Bob has his own Aspera Server. He configures his Aspera Client or Server to connect to your Transfer Endpoint, logging in as "bob". He is able to access the files in the document root C:\data on your machine where Transfer Endpoint is installed. He is also able to upload and download files.
You then give the same transfer user login details for the "bob" user to Dewi. Using the same details, Dewi is able to log in as "bob".
The effect is two-fold:
1) Dewi will be able to see and download all of Bob's files
2) If Dewi or Bob upload a file, you have no way of knowing who performed that transfer since the transfer was done as the user "bob" - but was it actually "Bob" himself, or Dewi?
If you will only ever have 1 user that needs to log in to your Transfer Endpoint, that is fine. If you have the need to support logins with multiple transfer users, you will need Aspera Transfer Server
Using Transfer Endpoint with Aspera Console
Aspera Console is an application that provides real-time monitoring and historical reporting of Aspera transfers. Optionally, it also provides the ability to centrally manage all your Aspera Servers and Transfer Endpoints. See here for more information on Aspera Console.
Any Transfer Endpoint can be added to Console as what is called a managed node. It can be added in two ways:
- With support for transfer monitoring and reporting only
- With support for transfer monitoring and reporting, and configuration management
Configuration management means that you are able to view and change the configuration of the Transfer Endpoint from within Aspera Console, instead of having to remotely connect to do this.
This facility is very useful when you have a number of endpoints that you wish to administer from a single point.
When added to Console for transfer monitoring and reporting this does not require a transfer user.
If you want to add to Console and be able to remotely manage from Console, you need to create a transfer user for this specific purpose. We therefore say that you "consume" 1 transfer user, if used with Console not just for reporting/monitoring but also for remote configuration management.
Feature differences - Transfer Endpoint vs Transfer Server
Most of these details can be gleaned from inspecting the license of a Transfer Endpoint:
As can be seen, Transfer Endpoint limits you to a total of 2 transfer users. This is the main difference between Transfer Endpoint, and Transfer Server. A transfer user is explained above.
As can be seen from the below screen shot it is not possible to add more than two transfer users. Attempting to add an additional user will result in the following error message:
Other differences between Transfer Server and Transfer Endpoint:
Transfer Endpoint does not support user groups. You can have two transfer users, but these cannot be in a group. The Groups tab that is available in Transfer Server, is not available in Transfer Endpoint.
- Sharing Connections
Transfer Endpoint can be used to connect outbound as a client to an unlimited number of remote Aspera endpoints. To initiate an outbound connection you create a new connection by clicking on the Connections button. You then specify the details for the remote endpoint such as username, password and host address. Once saved this connection can be used to connect to the remote endpoint. It can however not be shared with other users of Transfer Endpoint.
Example: Alice logs into the machine where Transfer Endpoint is installed. She logs into Windows with her normal Windows credentials. She opens up Aspera Transfer Endpoint and creates a new connection.
Bob logs into the same Windows machine. He starts Aspera Transfer Endpoint. He will not be able to reuse the connection made by Alice, and will need to configure his own connection.
- Share SSH keys
Aspera can use a public/private SSH keypair to authenticate (log in) a transfer user, or for a remote Aspera endpoint. As with connections, SSH public/private keypairs can be created in Transfer Endpoint but not shared with other users of Transfer Endpoint on the same machine. This means that the created keypair will not be visible/accessible to other users of Transfer Endpoint on the same machine. This is because Transfer Endpoint is designed to be used by a single user on a machine. If Transfer Endpoint is started by another user on the same machine they will need to create their own SSH keypairs, or manually import any SSH keys.
- Using Transfer Endpoint as a transfer node with Aspera web applications (Files, Faspex, Shares, Console
Transfer Endpoint has no support for doing transfers with Aspera web applications and the Aspera Connect browser plug-in. If you wish to support transfers with Aspera Connect you will need a Transfer Server license.
Transfer Endpoint can be added to Aspera web apps as a transfer node. This will enable some types of transfers, but files cannot be uploaded/downloaded using the Connect browser plugin.
APPLICATION USES WITH TRANSFER ENDPOINT Aspera Files Copy/move files between shares Aspera Faspex Relay received files from Faspex server to transfer Endpoint Aspera Shares Copy/move files between shares Aspera Console Simple Transfers and Smart Transfers
Transfer Endpoint can be used with Aspera Files and Aspera Faspex but not for transfers using the Aspera Connect browser plugin. Here is an example of how it can be used:
Aspera Files: Supports share-share transfers. These are transfers between Aspera endpoints, for example between your New York Transfer Server and Kuala Lumpur office, or between the cloud and your London office:
It will however not be possible for users to use Transfer Endpoint to upload/download files just using their browser:
Aspera Faspex has a built-in server-to-server relay capability which will support the relay target being a Transfer Endpoint:
While relaying will work, it is not possible to send or receive a Faspex package using just your browser and the Aspera Connect browser plugin. To support this scenario you must have IBM Aspera High-Speed Sharing Server, which is licensed for Connect as well as Faspex:
- Use Transfer Endpoint with Aspera clients
Transfer Endpoint can only be used with the following clients:
- Aspera Client
- Aspera Drive
You can of course also use Transfer Endpoint with another Transfer Endpoint, or another Transfer Server.
There is no support for using Transfer Endpoint as a "server" to support "direct-to-cloud"; the ability to write directly to cloud object storage is only included in Transfer Server. If you want to support reading and writing directly with object storage, you must have as a minimum IBM Aspera High-Speed Transfer Server.
- High Availability (HA)
Transfer Endpoint is not intended to be deployed HA. Highly Available deployments should use Transfer Server instead, where multi-server cluster licensing is available.