Installing HSTS

To install HSTS, log into your computer with root permissions.

Important: If this is a product upgrade, review all prerequisites described in Before Upgrading or Downgrading.
  1. Download the HSTS installer.
    Use the credentials provided to your organization by Aspera to access:

    https://downloads.asperasoft.com/en/downloads/7

    If you need help determining your firm's access credentials, contact your Aspera account manager.

  2. For product upgrades, ensure you have prepared your system to upgrade to a newer version.
    Although the installer performs your upgrade automatically, Aspera highly recommends completing the tasks described in Before Upgrading or Downgrading . If you do not follow these steps, you risk installation errors or losing your configuration settings.
  3. Run the installer as root: 
    # bash ibm-aspera-
      
      hste
      
      -version-release.sh

    An example of version is: 3.9.0.119806-aix-7.1-ppc32

  4. Installation troubleshooting.
    If the installer freezes during installation, another Aspera product might be running on your computer. To stop all FASP transfer-related applications and connections, see Before Upgrading or Downgrading.
  5. Install the license.
    1. Create the Aspera license file and paste your license key string into it. 
      /opt/aspera/etc/aspera-license
    2. Save and close the file.
    3. Verify that the license successfully installed: 
      
              #
              ascp -A
    To update your product license after the installation, see Updating a Perpetual License.
  6. Edit OpenSSH authentication methods.
    1. Open your SSH Server configuration file from /etc/ssh/sshd_config with a text editor.
    2. To allow public key authentication, set PubkeyAuthentication to yes. To allow password authentication, set PasswordAuthentication to yes.

      For example,

      ... PubkeyAuthentication yes PasswordAuthentication yes ...
    3. Save the file then reload the SSH service.
    4. Restart the SSH server to apply new settings.
      Restarting your SSH server does not affect currently connected users. 
      $ sudo stopsrc -s sshd $ sudo startsrc -s sshd
    5. To further secure your SSH Server, see Securing Your SSH Server.
  7. Secure your server or update your existing configuration.
    For a compilation of Aspera-recommended security best practices, see Aspera Ecosystem Security Best Practices.
    1. Configure your firewall (see Configuring the Firewall).
    2. Change and secure the TCP port (see Securing Your SSH Server).
    3. Determine if you want to use server-side encryption at rest. See Server-Side Encryption-at-Rest (EAR) for instructions on configuring this from the command line.

Upgrade Follow up

  1. If you were using asperawatchd or Watch Folders in version 3.6.1 or earlier, manually migrate any services that are run by a user other than root.
    The installer does not automatically migrate asperawatchd or asperawatchfolderd for users other than root, and you must manually start their services after upgrade:
    1. Confirm that the user has a docroot set in aspera.conf.
      To view the user's settings, run:
      
                #
                /opt/aspera/bin/
                asuserdata -u user

      If a value is not set for absolute in the docroot option set section, set a docroot by running the following command:

      
                #
                /opt/aspera/bin/
                asconfigurator -x "set_user_data;user_name,username;absolute,docroot"
    2. Confirm that the user has permissions to write to the log directory.
      To view the log directory settings, run:
      
                #
                /opt/aspera/bin/
                asuserdata -a

      Look for the values for rund_log_dir and watch_log_dir. If they are set to "AS_NULL", then the logs write to the default directory (/var/log/aspera.log).

    3. Start asperawatchd and asperawatchfolderd for the user by running the following commands: 
      
                #
                /opt/aspera/sbin/
                asperawatchd --user username
                
                #
                /opt/aspera/sbin/
                asperawatchfolderd --user username
  2. If you are updating an AoC node, restore the AoC data to the Redis database.
    1. Stop asperanoded. 
      
                  #
                  /etc/rc.d/init.d/asperanoded stop
    2. Flush existing data from the Redis database on the new node. 
      
                #
                
                  /opt/aspera/bin/asredis -p 31415 FLUSHALL
    3. Load the backup database file into the new node database. 
      
                #
                cat
                
                
                  /opt/aspera/bin/appendonly.aof | asredis --pipe -p 31415
    4. Restart asperanoded. 
      
                  #
                  /etc/rc.d/init.d/asperanoded start
  3. If the Redis database is run on another system: Update the KV store keys to the latest format.
    The local Redis database schema is automatically updated by the installer, but non-local Redis databases must be manually updated by running the following command as root :
    # /opt/aspera/bin/asnodeadmin --db-update
  4. If you have a backup of modified daemon start up scripts for asperacentral and asperanoded, copy your modifications into the new versions of these scripts. Restart the services to activate your changes.
  5. For all upgrades: Validate aspera.conf.
    The aspera.conf file is not overwritten during an upgrade and your configurations are preserved. However, the XML formatting, parameters, and acceptable values may have changed between your old version and new version. Run the following command to check aspera.conf for XML form and valid configuration settings:
    
            #
            
              /opt/aspera/bin/asuserdata -v