Guide to configure Aspera ES and CS work with NAS that’s not in a domain

Guide to configure Aspera ES and CS work with NAS that’s not in a domain

Version 0.9a  13.Sep.2011 Eric


Customer environment:
OS: Windows server 2008 R2 Enterprise
Directory service: MSFT AD
Storage: NAS, (not in AD).
Aspera server: Aspera connect server 2.7.3
3rd party software required: Bitvise WinSSHD

Requirements:
Configure Connect server to access NAS that is not joined in Domain, NAS accessed by a NAS local account. The CS server OS is Windows 2008 R2, both joined Domain, all applications/services (include Aspera) access NAS through a single NAS login account.

Pre-installation Checklist:
1. Make sure the Windows server joined domain as member server only. (DC role will have permission issue).
2. Firewall are opened for required ports, please refer to admin guide for details.
3. Have the following items ready for installation.
    • Domain admin account (required during installation).
    • Create a domain user group for Aspera users and add all aspera users to the group
    • Download latest Aspera software package and licenses to both servers.
    • Download Bitvise WinSSHD to both servers.

Installation and configuration:
Step1: Follow the Connect server admin guide to install Connect server

Note1: Can use local account as service account in this case, Not necessary to use domain account.
Note2: Edit the aspera.conf file found at %PROGRAM FILES%\Aspera\Enterprise Server\etc after install complete, add the following right after <CONF version="2">
<WEB
   SshPort = "33001"
   UdpPort = "33001"
   PathMTU = "0"
   HttpFallback = "no"
   HttpFallbackPort = "8080"
   HttpsFallbackPort = "8443"
   EnableDelete = "yes"
   EnableCreateFolder = "yes"
   AsperaServer = ""
   MinimumConnectVersion = "0.0.0.0"
   EnableUserSwitching = "no"    // set to yes to enable user switch from web interface
   HideRestrictedFolders = "yes"
/>

Step 2 Disable OpenSSH
Follow the below step to disable OpenSSH
 
 
 
Step 3 Bitvise installation and configuration
Follow the below steps to disable OpenSSH and install Bitvise WinSSHD.

1.) Install Bitvise WinSSHD server.
Select "Standard edition" during installation.
.
 
Select “Close without change” after install complete, we will configure Bitvise Manually.
.

2.) Configure WinSSHD,
Use the "edit advanced settings" from WinSSHD control panel.  
 
Go to Windows groups in the left pane, remove the default "Everyone" Windows group, then add a new one for Aspera Domain user group.
.

 

3.) click on the "on-logon command" item in the left pane, fill in the command box In the right pane with the following:
net use <drive:> \\<server IP or name>\<share> /user:<share user ID> <share password>
<drive:> The drive letter you will use for the users docroot.
<server IP or name> The IP address or netbios name of the storage.
<share> The share name
<share user ID> The name of the user authorized to read and/or write to the share
<share password> The password of the user authorized to read and/or write to the share




4.) click on the "on-logoff command" item in the left pane.  In the right pane, fill in the command box with the following:
net use <drive:> /delete
<drive:> the drive letter used in step 4.


    
 
5) Click ok to apply the changes, and start WinSSHD service from Bitvise configuration windows. WinSSHD setup is complete.

Step 4 User docroot configuration
Add Aspera Domain user group in the Aspera enterprise Server GUI and setup docroot (Need to create user's directory before add to docroot, Aspera won't create it if the directory doesn't exist).  
 
Add Aspera user group to Aspera server.
 
Configure docroot for Aspera users with $USER environment variables.

Note 1: If using environment variables like $USER in docroot, the setting needs to be placed in “Global” rather than “Groups”, because Bitvise doesn't set the USER and LOGNAME environment variables, the work around is to set the docroot in "Global".
Note 2: Can use both UNC path and assigned drive letter in docroot, both work.

Perform test transfers from GUI (upload/download) to assure the docroot mapping is configurated correctly

Step 5 Config web interface to access NAS, (Option, only if using Aspera Connect server)

1. Place the global.asa file (see reference section) into:
%PROGRAM FILES%\Aspera\Enterprise Server\var\www
2. Edit global.asa to change the following variables:    
strLocalDrive = "XXZ:"
strRemoteShare = "\\Server\Share"
strUsr = "UserID"
strPas = "Password"
strLocalDrive: must be set to match the drive letter used in step 4 of the WinSSHD setup.
strRemoteShare: must be set to match the IP address or netbios name of the storage server AND the share name
strUsr: is the name of the user authorized to read and/or write to the share
strPas: is the password of the user authorized to read and/or write to the share
 
Note: Use the same information as Winsshd “on-logon command”.
Note: There must be NO trailing slash on strRemoteShare

3. Restart IIS and perform transfer tests from web interface to confirm all setup correctly.

point the browser to:
http://localhost/aspera/user/  
You will be prompted for a user ID and password.  When these are entered, you should see the contents of the storage server's share.


References

global.asa (see attached file)
 

Attachments

Have more questions? Submit a request

1 Comments

  • Avatar
    Arnd Kohrs

    I used this guide with a customer to directly transfer to an Isilon.  It worked as advertised.  Thank  you.

Please sign in to leave a comment.
Powered by Zendesk