Major Release: IBM Aspera Enterprise Server, Connect Server, Point-to-Point Client, and Desktop Client 3.7.3 for AIX

Product Release: March 21, 2017
Release Notes Updated: March 21, 2017

We are really pleased to announce the release of IBM Aspera Enterprise Server, Connect Server, Point-to-Point Client, and Desktop Client for AIX provides the new features, fixes, and other changes listed below. In particular, the Breaking Changes section provides important information about modifications to the product that may require you to adjust your workflow, configuration, or usage. Additional sections cover system requirements and known problems.

Important Upgrade Preparation: If you are upgrading from a previous version and were using the asperanoded service, you must manually stop asperanoded and ensure the process is no longer running before upgrading.

  • To stop the asperanoded service, run the following command:
    # /etc/rc.d/init.d/asperanoded stop
  • To determine if any asperanoded processes are running, run the following command:
    # ps -Af | grep asperanoded

Desktop Client users: Features and issues related to configuration, the Node API, and Watchfolder are not applicable to your product.

NEW FEATURES

General

  • File checksums SHA-256, SHA-384, and SHA-512 can now be set in aspera.conf. (CIM-269)
  • The Windows Connect Server guide now includes instructions for configuring IIS on Windows Server 2012. (CIM-240, CIM-271)
  • FASP transfers are more secure with upgraded OpenSSL (from 1.0.2i to 1.0.2j).
  • Users can now run asnodeadmin --db-update to migrate a non-local Redis db from Enterprise Server 3.5.6 and earlier versions. The local Redis db is automatically migrated and updated by the installer during upgrades.
  • When using a local URI docroot or destination (such as file:////data), for example when server-side encryption-at-rest is enabled, temporary partial files can now be created during ascp transfers by configuring <partial_file_suffix> in aspera.conf. (CIM-85)
  • Added support for tokens for parent paths in single path transfers. For example, a token built for /general also allows a transfer of a single file or directory named /general/other/subsidiary.
  • Special file permissions (setuid and setgid) are now supported in ascp and the Node API when the permissions are configured in aspera.conf. (CIM-201)
  • A new option in aspera.conf for client-side encryption setting frees users from having to specify a matching value at the command line (-T).
  • Added a client-side configuration option to define a per-user or global default of the SSH key (to help clients used to running ssh without specifying a key if $HOME/.ssh/id_rsa exists).
  • Added support for the hmac-sha2-256 and hmac-sha2-512 algorithms.
  • Added support for the diffie-hellman-group-exchange-sha256 key-exchange algorithm.
  • The option ascp --remove-empty-source-directory for the --remove-after-transfer feature can now be enabled in Aspera Central in the SOAP API; it removes the source directory itself.
  • A man page is now available for asconfigurator.

Ascp

  • Persistent ascp sessions (run with the --keepalive option) can now accept management control messages sent from a server to the remote machine.
  • Improved detection of potential Distributed Denial of Service attempts involving missing or slow SSL negotiation requests. The HTTP fallback daemon now automatically times out (after 20 seconds) connections that do not send a request or are too slow.
  • The ascp management fields "User" and "ClientUser" now reflect the authorization and authentication methods.
  • The performance of the FASP protocol has been enhanced. Compared to prior releases, unencrypted CPU-bound transfers may see an increase of up to 100% in overall throughput; and encrypted CPU-bound transfers may see an increase in overall throughput of up to 20%.
  • A new FASP Manager API feature can be used to send an event when individual arguments, such as directories in persistent sessions, are completed.
  • Resume mode checks in Ascp now use a SHA-2-based MD5 checksum algorithm by default; to configure alternative algorithms, there is a new aspera.conf option.
  • ascp now reads session_timeout_sec from aspera.conf.
  • The command to resume ascp with the command-line argument k2 or k3 now works when a FIPS-140 compatible cipher is set.
  • The <file_create_mode> configuration in aspera.conf is now respected when the docroot is a file URI.
  • Ascp now features new complete include and exclude filter options to support glob and regular expression matching, equivalent to include/exclude options of async.
  • Ascp now includes a new asynchronous “in transfer” post-processing engine with Lua scripts. (This is the first version of this feature, and somewhat experimental.) A Lua interpreter engine is packaged with Enterprise Server, allowing for post-processing, validation, and authorization functions through embedded Lua scripts. Scripts execute asynchronously, and their progress is reported through a new validating state in the transfer session, without delaying completion of the file transfer or slowing the transfer pipeline.
  • Support for full URIs in file lists and file-pair lists.
  • Parallel (multi-session) transfers initiated from the command line can now use a URI for the filepath.
  • SSH private key strings can now be used to authenticate ascp transfers by setting a new environment variable, ASPERA_SCP_KEY.
  • A new ascp option, --dest64, can be used to indicate that the destination path is base64 encoded.
  • ascp now supports multiple private SSH key files (both DSA and RSA keys) that are called on the command line, specified with -i arguments. The keys are tried in order and the process ends when a key passes authentication or when all keys have been tried and have failed authentication.
  • A new transfer scheme, faux://, enables testing a transfer without reading from disk and/or writing to disk, eliminating the need to generate large test sets.
  • The default read/write block size is now set to 256 K (262144 KB) in ascp.

Node API

  • REST-ful /files calls now return full filepaths for admin users.
  • Specific events can now be requested by id using the new /events/{event_id} call.
  • The Node API now supports file locking. Sync and ascp transfers respect the lock status while the file is checked out. File locking can be enabled on the server by setting the<files_filelock_enabled> option in the <server> section of aspera.conf to true.
  • The Node API now supports access keys for IBM Bluemix S3 storage and Google Cloud Storage.
  • A new Node API call returns usage data (bytes transferred in, transferred out, and total) listed by access key.
  • The /ops/transfers API has been improved, including new support for setting transfer rates, bandwidth priorities, and pausing/resuming/canceling active transfers.
  • Transfer and bandwidth statistics are self-cleaning for large numbers of sessions.
  • Asperanoded includes improvements in the /info and / API response, such as support for content protection settings.
  • In Node API, the parameters iteration_token and after_time can now both be used with the APIs /ops/transfers and /events; the parameters can be used together or separately. The parameters are set in aspera.conf according to the following policy:
    • If no value is available for count, use the value set in max_response_entries.
    • If count is present, return the lower number of responses of count and max_response_entries.
  • The status of files and transfers can now be reported by iteration token from the Node API. For example, if the user specifies an iteration token tohttps://node:9092/ops/transfers?iteration_token=1234, file and transfer information since iteration_token=1234 are displayed.
  • A new Node API call returns usage data (bytes transferred in, transferred out, and total) listed by usage_id.
  • A new Node API call returns verbatim the content of a file within the file size restriction set in aspera.conf.
  • A Node API /files/browse now uses a configurable aspera.conf option to retrieve the preserved modification times for ascp uploads.
  • The Node API now returns events for the creation, rename, and deletion of files using the Node API, in addition to file transfer events. (CIM-52)
  • Node API /transfers and /opt/transfers take a multi_session field to split a given transfer job between multiple ascp sessions, possibly over multiple nodes when using a cluster as an initiator. Functionality: this adds a default multipart aspera.conf configuration directive to use when one is not specified by the API call.
  • Support for the multi-session threshold feature in node (file.json) transfers.
  • /ops token authorization now uses SHA-2 as the default checksum, rather than SHA-1.
  • Default and allowed SSL ciphers have been updated to eliminate support for 3DES and to align the defaults with hardened versions.
  • A new case-insensitive filter can return filename matches regardless of case to Aspera Files.
  • File modification events, including delete and rename, are now logged to redis/scalekv.
  • Asperacentral has a new raw options capability that allows users to authorize the use of raw format ascp options by configuring aspera.conf.
  • The access key and token secret of a Node API user are now passed on to Aspera Central, such that ascp is run with the environment variables associated with that user.
  • SSH private key strings are now are now supported in the Node API through a new JSON element, ssh_private_key.

Sync

  • Sync is now documented for AIX. Below are highlights of new Sync functionality. For more information, see the IBM Aspera Sync Admin Guide 3.7.3 for AIX.
  • On machines with Unix-based operating systems, a new value, inode, is available for the --dedup option. In this mode, when two or more source files have matching inodes, a hardlink is created between them on the target and the target files have matching inodes.
  • Sync with S3 is now supported and documented.
  • Improved Sync shutdown process when a Sync session is stopped.
  • Sync sessions can now be filtered using the <filter> configuration in aspera.conf. Command line filters are applied after aspera.conf settings. If filtering is not always desired, configure filters for one user. Sync sessions run by that user are filtered while sync session run by other users are not.
  • Sync now supports access key authentication. Access keys provide an alternative to the security credentials of a node user or system user. Because an access key is restricted to its own storage (local or cloud), it allows access control and usage reporting to be segregated by storage. This offers significant benefits to multi-tenant service providers and enterprise installations with multiple departments. This also allows async to run on Aspera Files and for other REST-ful applications.
  • A new asyncadmin option prints file attributes (mtime, recursive mtime for directories, and checksum).
  • Sync now preserves POSIX attributes in the event that file attributes change but file contents do not (times, UID, GID).
  • The new recursive mtime option enables the exclusion of directories and files older than a configured timestamp.
  • The new --delete-delay option allows the delete operations in a unidirectional sync to be delayed until the end of the synchronization.
  • When using the --keep-dir-local or --keep-dir-remote options, locating the keep-dir under the same directory as the sync directory is no longer an error condition as long as the keep-dir has been added to the exclude list.
  • The Async library now takes a license as a parameter. If the library doesn't get a license on initialization, it can still search for one on the disk, as it does currently.
  • async now accepts external cookies, tags, and reports through management.
  • Sync also has three new options for preserving timestamps.

Watchfolder and Aspera Watch Service

Watchfolders and the Aspera Watch Service are now supported on AIX.

The Aspera Watch Service (asperawatchd) is a file system change detection and snapshot service optimized for speed, scale and distributed sources. It discovers changes (new files and directories, deleted items, and renames) in source file systems immediately as they occur, eliminating the need to scan the file system. It is automatically installed and started with the installation of Enterprise Server, Connect Server, Point-to-Point Client, and Desktop Client.

The Aspera Watchfolder service (asperawatchd) enables large-scale, automated file and directory transfers including ultra-large directories with over 10 million items and "growing file" sources. Watchfolders uses input from asperawatchd to automate file transfers from a source folder to a destination system. Watchfolders runs on the client side only and the recipient Aspera server endpoint does not need additional software components to support receiving data. Operators can specify local or remote post-transfer processing steps to be executed once the drop has been transferred. A valid, watchfolder-enabled license is required to use this feature.

Other Changes

  • The pre/post variable TOKEN is no longer valid.
  • Activity bandwidth logging is no longer enabled by default.

Breaking Changes

If you are upgrading from a previous release, the following changes for this release may require you to adjust your workflow, configuration, or usage.

  • For REST-ful operations (such as the Node API /files call and ascp run with file IDs), file events as returned by the Node API /events call, no longer show file paths. Instead, they return values for parent_file_id, file_id, and the filename. File events for RPC-style calls to /files and non-file-id ascp transfers remain unchanged (reporting file_id and file path).
  • Recursive counts are now disabled by default, but must be enabled in order for Aspera Files to use this feature. Workaround: Edit the <server> section in aspera.conf such that<files_recursive_counts_workers> is set to 5:
    <server>
        <files_recursive_counts_workers>5</files_recursive_counts_workers>
    </server>
  • Multi-session (parallel) transfers from 3.5 clients are no longer compatible with 3.6 and newer servers. This is due to a change in how files are split and how the splitting of individual files is configured on both versions. Workaround: Upgrade the client side to 3.6 or newer.

  • With the implementation of new inline validation options, existing users with inline validation enabled must set the validation provider to uri or lua_script. uri replaced external and lua_script replaced lua. To set the validation provider, run:
    asconfigurator -x "set_node_data;validation_threshold,uri"

How to Upgrade

This 3.7.3 release is available for download for each individual product listed below. Aspera’s support team stands by ready to help you as needed with upgrades. If you have any questions or would like upgrade assistance, please contact support@asperasoft.com. You can also read the full release notes which includes links the admin guides for each product and operating system.

  • Aspera Enterprise Server 3.7.3 is available for download here
  • Aspera Connect Server 3.7.3 is available for download here
  • Aspera Point-to-Point Client 3.7.3 is available for download here
  • Aspera Desktop Client 3.7.3 is available for download here

The full release notes are available here

These releases are also available at the IBM Passport Advantage site.

Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk