Getting Started with Aspera on Any Private or Public Cloud Using Swift Storage

Overview

This article is for customers who want to deploy Aspera On Demand on an instance of any private or public cloud that uses Swift storage and to enable data transfer to and from a Swift container. 

Prerequisites

This article assumes the following:

  • You have created a Swift container
  • You have a cloud instance launched
  • You know how to generate an ssh key pair
  • You need to be able to ssh into your server as root

System Requirements

  • Linux Kernel must be at 2.6.34 or higher.  Use "uname -a" to verify

Procedures

1) SSH into your instance as root and configure the server

  # ssh root@[host_IP_address]

a) Update sshd_config to enable port 33001, password authentication and root login

It is well known that SSH servers listen for incoming connections on TCP Port 22. As such, Port 22 is subject to countless, unauthorized login attempts by hackers who are attempting to access unsecured servers. A highly effective deterrent is to simply turn off Port 22 and run the service on a seemingly random port above 1024 (and up to 65535). To standardize the port for use in Aspera transfers, we recommend using TCP/33001.

# vi /etc/ssh/sshd_config

To enable TCP/33001, add Port 33001 in your/etc/ssh/sshd_configfile (where SSHD is listening on both ports). As demonstrated below.  SSHD is capable of listening on multiple ports.

...
Port 22
Port 33001

In addition, you need to enable password authentication. 

...
# Authentication
...
PasswordAuthentication yes

Restart sshd after making the changes.     

   # service sshd restart    

b) Check local Firewall

Make sure your local Firewall supports Aspera or is disabled.  For Firewall requirements, please refer to your product guide and read this article

c) Check /etc/hosts file

Verify /etc/hosts file contains an entry for 127.0.0.1 localhost.

d) Disable SELINUX. 

NOTE: If done incorrectly, your system may become not bootable.

e) Create system user accounts and set passwords

Your Aspera server uses your system accounts to authenticate connections. These system accounts must be added before attempting an Aspera transfer.

2) Install Aspera v.3.6.x or higher

Use your customer login credentials to download Aspera installer and product guide from our website. http://downloads.asperasoft.com/downloads.  If you don't know your login credentials, please contact your account manager or Aspera Support at support@asperasoft.com.  Follow the instructions documented in the product guide to install and set up Aspera.

Installer packages for Aspera Faspex On Demand (FOD) are:
aspera-common-1.1.22.117256-0.x86_64.rpm
aspera-entsrv-3.6.0.119278-linux-64.rpm
aspera-faspex-3.9.3.110840-0.x86_64.rpm
aspera-ondemand-init-base-3.6.0-119289.noarch.rpm
aspera-ondemand-init-fod-3.6.0-119289.noarch.rpm
aspera-ondemand-tools-3.6.0-119289.noarch.rpm

Installer packages for Aspera Shares On Demand (SHOD) are:
aspera-common-1.2.15.115916-0.x86_64.rpm
aspera-console-3.0.5.119278-0.x86_64.rpm
aspera-entsrv-3.6.0.119278-linux-64.rpm
aspera-ondemand-init-base-3.6.0-119289.noarch.rpm
aspera-ondemand-init-shod-3.6.0-119289.noarch.rpm
aspera-ondemand-tools-3.6.0-119289.noarch.rpm
aspera-shares-1.9.3.118993-1.x86_64.rpm

Installer packages for Aspera Console On Demand are:
aspera-common-1.2.15.115916-0.x86_64.rpm
aspera-console-3.0.5.119278-0.x86_64.rpm

Installer package for Aspera Server On Demand (SOD) is:
aspera-common-1.2.15.115916-0.x86_64.rpm
aspera-console-3.0.5.119278-0.x86_64.rpm
aspera-entsrv-3.6.0.119278-linux-64.rpm
aspera-ondemand-init-apod-sod-3.6.0-119289.noarch.rpm
aspera-ondemand-init-base-3.6.0-119289.noarch.rpm
aspera-ondemand-tools-3.6.0-119289.noarch.rpm
aspera-shares-1.9.3.118993-1.x86_64.rpm

3) Enable Entitlement

Once Aspera Server is successfully installed, run the ALEE command to register the information. In example below, foo is the Customer ID and d1234567-7fac-409d-9200-e2cb1234567c the Entitlement ID

# /opt/aspera/bin/asalee-config.sh enable
# service asperanoded restart
# /opt/aspera/bin/alee-admin register foo d1234567-7fac-409d-9200-e2cb1234567c

NOTE: Faspex v.3.7.8+, Shares v.1.7.3+ and Console v.2.3.2+ have its own entitlement steps.  If you installed any of these products, please see the following instructions.

To entitle Faspex v.3.7.8 or higher

# export RAILS_ENV=production 
# asctl faspex:rake entitlement:config_license_server EL_KEY="d1234567-7fac-409d-9200-e2cb1234567c" EL_CUSTOMER_ID="foo"

To entitle Shares v.1.7.3 or higher

# /opt/aspera/shares/bin/run bash -c 'cd /opt/aspera/shares/u/shares && RAILS_ENV=production bundle exec rake aspera:ami:entitlement:config_license_server EL_KEY="d1234567-7fac-409d-9200-e2cb1234567c" EL_CUSTOMER_ID="foo"

To entitle Console v.2.3.2 or higher

# cd /opt/aspera/console/
# export RAILS_ENV=production
# export PATH=/opt/aspera/common/ruby/bin:$PATH
# rake aspera:ami:entitlement:config_license_server EL_KEY="d1234567-7fac-409d-9200-e2cb1234567c" EL_CUSTOMER_ID="foo"

4) Enable trapd

Enable trapd if you plan to transfer data from and to Swift Storage.

# /opt/aspera/bin/astrap-config.sh  enable

5) Enable transfer user to Swift Storage

Use asconfigurator to set docroot for the transfer user.  Using this syntax: swift://username:API-Key@Authentication-Endpoint/bucket-name to set the docroot of the transfer user.  In this example, the transfer user is "xfer".  Please note your user name, API key and Authentication Endpoint might contain one or more special characters: +, /, :, &, or @. Replace all "+" with "%2B",  all  "/"  with "%2F", all ":" with "%3A", all "&" with "&amp" and all "@" with "%40".

@ = %40
: = %3A
/ = %2F
+=%2B
& = &amp

#asconfigurator -x "set_user_data;user_name,xfer;absolute,swift://username:api_key@ObjectStorageURI/bucket_name?aspera.swift.endpoint.auth-path=%2Fauth%2Fv1.0"

then restart noded

# service asperanoded restart 

6) Verify docroot for the transfer user

Run asuserdata to verify user docroot.  Assume "xfer" is the transfer user.

# /opt/aspera/bin/asuserdata -u xfer

output for "docroot option set" should be the following

  ...

  docroot option set:
      canonical_absolute=swift://username:API-Key@Authentication-Endpoint/bucket-name
      canonical_show_as=/
      absolute: "swift://username:API-Key@Authentication-Endpoint/bucket-name

  ...

 7) Run test transfers

Use Aspera Client, P2P or Enterprise Server (or Connect plug-in if you install Shares/Faspex/Connect Server on your instance) to run test transfers with your Aspera server on your private/public Cloud.

(On your client machine) Initiate a transfer to Aspera server on your private/public Cloud

To do so, run the following command on your client machine (wherexferis our example transfer user):

$ ascp -P 33001 -T --policy=fair -l 10000 /client-dir/files xfer@instance.ip.address:/

Please refer to the product guide if you need more details on how to set up test transfers.

Have more questions? Submit a request

1 Comments

  • Avatar
    Yu Xing YX Wang

    I got the following issue. anything i missed?

    root@hkg02dep001ccz023:~/nick# ascp -P 33001 -T --policy=fair -l 10000 /root/nick/data1.file root@localhost:/

    Password:********

     

    Session Stop  (Error: Server aborted session: Session initiation failed)

Please sign in to leave a comment.
Powered by Zendesk