IBM Aspera Enterprise Server and Connect Server for Isilon 3.6.2

Product Release: August 1, 2016

Release Notes Updated: August 1, 2016

WHAT'S NEW

This release of IBM Aspera Enterprise Server for Isilon provides the new features, fixes, and other changes listed below.

New Features

  • The default read/write block size is now set to 256 K (262144 KB) in ascp.
  • ascp now supports multiple private SSH key files that are called on the command line, specified with -i arguments. The keys are tried in order and the process ends when a key passes authentication or when all keys have been tried and have failed authentication.
  • Support for the hmac-sha2-256 and hmac-sha2-512 algorithms.
  • Support for the diffie-hellman-group-exchange-sha256 key-exchange algorithm.
  • In Node API, the parameters iteration_token and after_time can now both be used with the APIs /ops/transfers and /events; the parameters can be used together or separately. The parameters are set in aspera.conf according to the following policy:
    • If no value is available for count, use the value set in max_response_entries.
    • If count is present, return the lower number of responses of count and max_response_entries.
  • Support for tokens for parent paths in single path transfers. For example, a token built for /general will also allow a transfer of a single file or directory named /general/other/subsidiary.
  • The command to resume ascp with the command-line argument k2 or k3 now works when an FIPS-140 compatible cipher is set.
  • ascp forward proxy supports DNS names pointing to multiple proxies.
  • The option ascp --remove-empty-source-directory for the --remove-after-transfer feature can now be enabled in Aspera Central in the SOAP API; it removes the source directory itself.
  • Node API /files/browse now uses a configurable aspera.conf option to retrieve the preserved modification times for ascp uploads.
  • A new option in aspera.conf for client-side encryption setting frees users from having to specify a matching value at the command line (-T).
  • A new client-side configuration option allows the user to define a per-user or global default of the SSH key (to help clients used to running ssh without specifying a key if $HOME/.ssh/id_rsa exists).
  • Support for full URIs in file lists and file-pair lists.
  • Support for the multi-session threshold feature in node (file.json) transfers.
  • ascp now reads session_timeout_sec from aspera.conf.
  • Node API /transfers and /opt/transfers take a multi_session field to split a given transfer job between multiple ascp sessions, possibly over multiple nodes when using a cluster as an initiator. Functionality: this adds a default multipart aspera.conf configuration directive to use when one is not specified by the API call.

Breaking Changes

  • Parallel transfers started with the Aspera ascp Client on ES 3.5—transferring to ES 3.6 with the -C option—fail with the error Session Stop (Error: Session initiation failed).

ISSUES FIXED IN THIS RELEASE

Issues Fixed in this Release

#35750 - The ES for Isilon uninstall.sh script does not uninstall ascp and other Aspera binaries.

#35378 - asperahttpd crashes when resuming an existing ascp transfer.

#34691 - HTTP fallback upload of existing folder fails with Error: One or more files failed (Code: 27).

#34419 - The user is unable to download encrypted files with an incorrect decryption passphrase. (This is stilll an issue when using HTTP fallback; see ticket #34811 in the Known Issues section).

#34228 - The error ERR cannot read content-protect parameters should display as a warning instead.

#34166 - Memory leaks in asperanoded result in system crashes.

#34139 - Delete-before-transfer is not working for a SMB\CIFS path.

#33978 - Ability to check for sshkey path in $HOME/.ssh not functioning properly.

#33567 - When server-side encryption-at-rest (EAR) is configured for local storage using file:///<path> docroot, the aspera.conf chunk_size parameter must be set.

#33536 - When the database is configured on a remote machine, and db_host is set, ascp attempts to connect to the local database.

#33313 - When using CLI to transfer and preserve XATTRs, XATTRs are not preserved with a file reporting as 0 KB.

#33233 - Basic tokens are stored and can be reused to make arbitrary transfers.

#33011 - asdelete fails to connect to the server.

#31962 - File checksums are not prohibited for Node mulitpart transfer.

SYSTEM REQUIREMENTS

Isilon OneFS: 8.0

PACKAGE INFORMATION

Isilon 8.0: aspera-entsrv-3.6.2.128831-isilon-8.0-64-release.tar
md5: 716ea1943b576a2abe5c534e78621d01
sha1: 241703ac24ad405c8a6bed9cc2d278df57b9850f

KNOWN ISSUES

#35952 - asunprotect cannot decrypt a re-protected file.

#35592 - The log rotation for ES for Isilon 7 does not accept J as a zipper; J as bzip2 is not recognized by Isilon and therefore the logs are not compressed. Workaround: Use Z (gzip).

#35453 - Parallel transfers started with the Aspera ascp Client on ES 3.5—transferring to ES 3.6 with the -C option—fail with the error Session Stop (Error: Session initiation failed).

#35255 - When Japanese characters that include the voiced sound mark are used to name a directory in Connect Server, the following issues may occur:
  • The upload fails without an error message.
  • The download fails with the error code 43: The specified path cannot be found.

#34811 - The user is unable to download encrypted files with an incorrect decryption passphrase when using HTTP fallback.

#33212 - There is a missing vlink_init line in the ascp client log for an upload vlink (cookie) set on the client.

#33206 - /ops/transfers erroneously shows some queued transfers (which are farther down in the queue) as failed before they have completed.

#33094 - ascp delete-before-transfer does not support URI storage.

#32934 - Some HTTP fallback transfers may appear to complete but then lose connection with the server and subsequently attempt to retransfer. This behavior has been observed only when the client system has an installation of the Internet accountability software Covenant Eyes, which captures the entire HTTP transmission before forwarding it to the server. If the file is large enough that this process takes longer than about 20 seconds, the server generates an inactivity timeout and cancels the session. Workaround: Reduce the probability of timeout by increasing the timeout length. This can be done by changing the Session Activity Timeout value in the HTTP Fallback tab in the server's configuration settings, or by using the asconfigurator settings, for example:
asconfigurator -x "http_server;session_activity_timeout,1200"

#32890 - In a successful transfer from the client to the server, ascp fails to copy the metafile and thus it does not tranfer with the data file.

#32680 - The option to create a directory (ascp -d) may create a directory at a destination before an expected session failure.

#32669 - When a directory is linked from a subdirectory, it does not appear in the search result for a /files/search request in the Node API.

#32627 - When a filename is just a dot and an extension, (for example, .pdf), then it is reported as a file with "content_type"=>"application/pdf" or a hidden file named PDF; for example:
{"id"=>"27", "name"=>".pdf", "size"=>12, "content_type"=>"application/pdf", "type"=>"file", "modified_time"=>"2015-09-10T15:24:01Z", "access_level"=>"edit", "permission_count"=>0}

#32553 - When the FASP Session log source file list exceeds 500 bytes and contains multibyte UTF-8 characters, the output is truncated in a manner that creates an invalid UTF-8 sequence.

#32517 - Retransfer requests are unencrypted when transfers are encrypted. This can cause transfer failures in some scenarios, such as a network device dropping the retransfer request because it detects a bit sequence it considers malicious.

#32080 - An error message spams the log file used by asperanoded each time the console attempts to check the node for the status. A second error can occur when the end user fills in a docroot but doesn't have a valid system user; this results in an error that also spams the log file used by asperanoded.

#31423 - It is possible for an ascp transfer of a file on a full disk to be reported as successful by both the sender and the receiver.

#30690 - ascp fails with an inaccurate message—Error: failed to authenticate—when a server is configured to only accept ciphers that are no longer supported.

#30616 - On Isilon, asconfigurator fails with an error that there is no space left on the device. If this occurs, restart the server so that handles are released.

#29787 - When the docroot is not configured, the HTTP error code 500 ("Internal Server Error") is returned.

#29372 - In a Connect Server installation using an Isilon cluster for storage, some icons and checkboxes expected in the directory display are missing.

#29078 - When an access key is created using the standard node user authorization, the access key inherits that node user and its associated system user. Afterwards, asnodeadmin can be used to associate a new system user to the node user, but the new system user is not updated for the access key.

#28887 - When a file or directory is moved using the --exclude command, the old file or directory is not removed from the remote side.

#28683 - asp-check.sh docroot warning message: If global docroot is enabled, asp-check.sh reports the root user as insecure.

#28679 - In some cases, the fallback server does not respond.

#28288 - When the FIPS mode in aspera.conf is set to true, ascp fails with the error message, "ascp.exe: failed to authenticate, exiting.", without prompting the user for a password.

#28219 - asperanoded fails to delete a directory name containing backslashes. Workaround:
  1. Stop node.
  2. At the command prompt, issue the command ulimit -S -n 2048.
  3. Restart node in the same command-line window or shell (the limit is shell-specific).
  4. Send in the same /files/delete request as you did before; the head and everything in it will be removed.
Note: Prior to the command in Step 2 above, one can find out the current limit in a shell by issuing the command ulimit -a | grep "open files".

#27908 - When asperacentral has database errors, it continues to allow new transfers.

#27879 - always_set_home does not work if the user's home directory does not exist.

#27439 - Cannot install on Fedora due to "Missing security signature". Workaround: Install from the command line only, as documented.

#27007 - Aspera clients on UNIX systems will use the HTTP_PROXY and HTTPS_PROXY environment variables when configured to use a FASP proxy. These variables are not used in HTTP Fallback.

#25865 - Allowing symbolic links to be copied also allows access to locations outside the docroot.

#25127 - HTTP fallback temporary files (*.haspx) are not filtered out by the Node API.

#25042 - In the server-side aspera.conf, the none option for file checksum reporting is no longer supported; only md5 and sha1 are supported. The any option means allow the checksum format to be whichever format the client requests. On the client side, the none option is still available, as a command-line option. A setting of any on the client side results in an error with the message "ascp: unknown file checksum type any".

#24780 - Both --preserve-acls and --remote-preserve-acls need to be specified in order for the target side of the pull to apply the acls.

#24671 - DB logger logs each file twice when the transfer is between a source and destination that are on the same node.

#24390 - HTTP Fallback upload operations fails with the message "Failed to create HTTP session on server!".

#23583 - Certain option values for asperacentral job submission are case-sensitive.

#23434 - Node API: Files that start with "._" are not returned by the Node API browse action.

#23246 - Warnings are not generated about files skipped due to source base setting.

#23070 - If a transfer of several files is interrupted, the retries generate a "no such file" error for any already-transferred files.

#22998 - If the overwrite setting in the server's aspera.conf is deny, a destination file with the same name as the transfer file is still overwritten.

#22619 - In the Node API, file searches now follow symbolic links.

#21978 - ES is unable to view logs as superuser.

#21604 - Extremely large socket buffer value causes overflow, resulting in an error when creating a UDP socket.

#20617 - The SOAP API does not return an error when invalid values are passed into any of a number of parameters. Instead of returning an error, a transfer is either created with a default value, or the bad value is passed to ascp where it will fail.

#20576 - Target Rate must be in the range 0–100 if TargetRateAsPercentage is yes; however, setting a target rate greater than 100 does not return an error. (Note that rate percentage is a deprecated feature.)

#20002 - Inconsistent behavior regarding symbolic link following: /files/browse doesn't follow the links and reports links and their target (final type and next name), while /files/info reports symbolic links as files or directories.

#18659 - Searching with very long pathnames (over 520 characters) results in an "insufficient buffer space" error.

#18530 - FASP now accept and verify SSH remote-host keys.

#18402 - When an XML job greater than 1 KB is submitted, the related message in syslog is truncated.

#18368 - Files with a backslash in the filename are not displayed in the list when the user browses the remote source on the new package page.

#16390 - Unicode filenames appear incorrectly in pre-processing and post-processing email notifications.

#13450 - The -C option does not work for special storage (docroot or direct).

#12972 - A log message is no longer generated for prepost execution.

#11550 - If preserve_attributes is set to none on the server side, when downloading a single file with the -p option, the file has an invalid atime value.

#8534 - IPv6 requires ascp to have the -6 option, which is currently disabled on the server side if the user is configured for aspshell.

#6448 - When your regional and language options are set to language standards and formats that do not use "." to represent the decimal point, values are displayed inconsistently using both "." and the native character to represent the decimal point.

PRODUCT SUPPORT

For on-line support resources for Aspera products, including raising new support tickets, please visit the Aspera Support Portal. Note that you may have an existing account if you contacted the Aspera support team in the past. Before creating a new account, first try setting a password for the email that you use to interact with us. You may also call one of our regional support centers.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk