Installing HSTS

To install HSTS, log into your computer with root permissions.

About this task

Procedure

  1. Download HSTS from https://www.ibm.com/products/aspera/downloads.
    If you need help determining your firm's access credentials, contact your Aspera account manager.
  2. For product upgrades, ensure you have prepared your system to upgrade to a newer version.
    Although the installer performs your upgrade automatically, Aspera highly recommends completing the tasks described in Before Upgrading or Downgrading . If you do not follow these steps, you risk installation errors or losing your configuration settings.
  3. Run the installer.
    Run the following commands with the admin permissions. Replace the product version with that of your package.
    OS Commands
    RedHat, zLinux, CentOS 
    $ rpm -Uvh /path_to_installer/aspera-hsts-version.rpm
    Note: If your Linux OS is a minimal clean system, ensure that all the required dependencies are installed with your Aspera application by installing the product with a yum install:
    $ yum --nogpgcheck install /path_to_installer/aspera-hsts-version.rpm
  4. If you are using a perpetual license, rename and install it now. (instead of an entitlement) install it.
    The license can be installed by using the GUI or from the command line.
    • GUI: Launch the application by running the following command as root:
      # asperascp

      If this is a fresh install, an Enter License window appears. Either click Import License File and select the license file, or click Paste License Text to copy-and-paste the license file's content. The license information will appear in the window. Verify that it is correct and click Close.

    • Terminal: Create the following file: 
      /opt/aspera/etc/aspera-license

      Copy and paste your license key string into it, then save and close the file. To verify the license information, run the following command: 

      $ ascp -A
  5. If you are using an entitlement, set it up.
    Run the following commands to start the ALEE service, restart asperanoded, and register your entitlement: 
    # /opt/aspera/bin/asalee-config.sh enable
# /opt/aspera/bin/alee-admin register customer_IDentitlement_ID
# systemctl restart asperanoded

    The output information includes when the Aspera entitlement server was last reached.

    Verify that you can now reach the Aspera entitlement server with the following command:
    # curl -i https://api.ibmaspera.com/metering/ping
    The output should include HTTP/1.1 200 OK.
  6. Launch the HSTS application. In Finder go to Applications > IBM High-Speed Transfer Server. Double-click to launch.
  7. If you plan to use Watch Folders, enable the services that allow asperarund (the service that manages Watch Folders) to automatically start after a reboot.
    For Debian OS, run the following commands:
    # systemctl enable systemd-networkd
# systemctl enable systemd-networkd-wait-online.service

    For RedHat, zLinux, and CentOS, run the following commands:

    # systemctl enable NetworkManager
# systemctl enable NetworkManager-wait-online.service
  8. Edit OpenSSH authentication methods.
    1. Open your SSH Server configuration file from /etc/ssh/sshd_config with a text editor.
    2. To allow public key authentication, set PubkeyAuthentication to yes. To allow password authentication, set PasswordAuthentication to yes.

      For example,

      ... PubkeyAuthentication yes 
PasswordAuthentication yes ...
    3. Save the file then reload the SSH service.
    4. Restart the SSH server to apply new settings.
      Restarting your SSH server does not affect currently connected users. 
      # systemctl restart sshd.service
      or for Linux systems that use init.d: 
      # service sshd restart
    5. To further secure your SSH Server, see Configuring the SSH Server.
  9. Secure your server or update your existing configuration.
    1. Configure your firewall (see Configuring the Firewall).
    2. Change and secure the TCP port (see Configuring the SSH Server).
    3. Determine if you want to use server-side encryption at rest. See Server-Side Encryption-at-Rest (EAR) for instructions on configuring this from the command line.

Upgrade Follow up

Procedure

  1. If you were using asperawatchd or Watch Folders in version 3.6.1 or earlier, manually migrate any services that are run by a user other than root.
    The installer does not automatically migrate asperawatchd or asperawatchfolderd for users other than root, and you must manually start their services after upgrade:
    1. Confirm that the user has a docroot set in aspera.conf.
      To view the user's settings, run:
      # /opt/aspera/bin/asuserdata -u user

      If a value is not set for absolute in the docroot option set section, set a docroot by running the following command:

      # /opt/aspera/bin/asconfigurator -x "set_user_data;user_name,username;absolute,docroot"
    2. Confirm that the user has permissions to write to the log directory.
      To view the log directory settings, run:
      # /opt/aspera/bin/asuserdata -a

      Look for the values for rund_log_dir and watch_log_dir. If they are set to "AS_NULL", then the logs write to the default directory (/var/log/messages).

    3. Start asperawatchd and asperawatchfolderd for the user by running the following commands: 
      # /opt/aspera/sbin/asperawatchd --user username
# /opt/aspera/sbin/ asperawatchfolderd --user username
  2. If the Redis database is run on another system: Update the KV store keys to the latest format.
    The local Redis database schema is automatically updated by the installer, but non-local Redis databases must be manually updated by running the following command as root :
    # /opt/aspera/bin/asnodeadmin --db-update
  3. If you have a backup of modified daemon start up scripts for asperacentral and asperanoded, copy your modifications into the new versions of these scripts. Restart the services to activate your changes.
  4. For all upgrades: Validate aspera.conf.
    The aspera.conf file is not overwritten during an upgrade and your configurations are preserved. However, the XML formatting, parameters, and acceptable values may have changed between your old version and new version. Run the following command to check aspera.conf for XML form and valid configuration settings:
    # /opt/aspera/bin/asuserdata -v