Installing HSTE
To install HSTE, log in to your computer with root permissions.
Attention: The sudo package must be installed on your
Unix system to allow specific IBM Aspera applications to run specific privileged operations.
Important: If this is a product
upgrade, review all prerequisites that are in Before upgrading or downgrading.
-
Download HSTE from
Fix
Central. If you need help to determine your firm's access credentials, contact your Aspera account manager.
-
For product upgrades, ensure that you prepared your system to upgrade to a newer version.
Although the installer performs your upgrade automatically, you must complete the tasks that are described in Before upgrading or downgrading to not get installation errors or losing your former configuration settings.
- Run the installer.
Double-click the installer package and follow the on-screen instructions.Note: If the installer hangs during installation, another Aspera product might be running on your computer. To stop all FASP transfer-related applications and connections, see Before upgrading or downgrading.
- If you are using a perpetual license,
activate your license.
- Go to the license file and rename it
aspera-license
. The default location is the Downloads folder. - In the Finder menu bar, select Go > Go to
Folder, and enter
/Library
. Next go to Library > Aspera > etc and copy or drag the license file. - Enter the administrator username and password to allow Finder the permission to move the file.
- Go to the license file and rename it
-
If you are using an entitlement, set it up. Run the following commands to start the ALEE service, restart reloadasperanoded, and register your entitlement:
$ sudo /Library/Aspera/bin/asalee-config.sh enable $ sudo /Library/Aspera/bin/alee-admin register customer_id entitlement_id $ sudo launchctl unload /Library/LaunchDaemons/com.aspera.asperanoded.plist $ sudo launchctl load /Library/LaunchDaemons/com.aspera.asperanoded.plist
The output information includes when the Aspera entitlement server was reached.
Verify that you can now reach the Aspera entitlement server with the following command:
The output must include$ curl -i https://api.ibmaspera.com/metering/ping
HTTP/1.1 200 OK
. - Start the HSTE application. In Finder go to Applications > IBM High-Speed Transfer Endpoint. Double-click to start HSTE.
- Start the HSTE application. In Finder go to Applications > IBM High-Speed Transfer Endpoint. Double-click to start HSTE.
-
Edit OpenSSH authentication methods.
- Open your SSH Server configuration file from /etc/ssh/sshd_config with a text editor.
-
To allow public key authentication, set
PubkeyAuthentication
toyes
. To allow password authentication, setPasswordAuthentication
toyes
.Important: macOS servers must havePasswordAuthentication
set toyes
.For example,
... PubkeyAuthentication yes PasswordAuthentication yes ...
-
Enable SSH-based services.
The System Integrity Protection feature in Mac OSX blocks SSH-based services, which are required for Aspera transfers. To enable Aspera services, uncomment the setting
PermitUserEnvironment
and change the value toyes
. -
Save the file and restart the SSH server to apply the new settings.
Restarting your SSH server does not affect currently connected users. Click Apple menu > System Preferences > Sharing. Clear and then reselect Remote Login from the left panel. In the Allow access for: option, select All users, or specify individual user accounts for the FASP connections.
- To further secure your SSH Server, see Configuring the SSH Server.
-
Set the SSH path for transfer users.
-
Create a file named environment for every transfer user in the following
location:
/Users/username/.ssh/
-
Paste the following content into the file:
PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/opt/pkgconfig/bin:/Library/Aspera/bin:/Library/Aspera/sbin
This sets the PATH variable for remote connections.
- To allow local transfer users to run ascp commands, paste the same content, prefaced
with
export
into the following file (which you might need to create):/Users/username/.zshrc_profile
Note: Create a.bash_profile
if the user's configured shell is bash. Run:/Users/username/.bash_profile
-
Create a file named environment for every transfer user in the following
location:
-
Secure your server or update your existing configuration.
- Configure your firewall. See Configuring the firewall.
- Change and secure the TCP port. See Configuring the SSH Server.
- Determine whether you want to use server-side encryption at rest. See Server-Side Encryption-at-Rest (EAR) for instructions on configuring in the GUI or Server-Side Encryption-at-Rest (EAR) for instructions on configuring the encryption from the command line.
Upgrade follow up
- After the upgrade, you must manually start
asperawatchd
orasperawatchfolderd
services. The installer does not automatically migrate these services for users other than root . -
If the Redis database is run on another system: Update the KV store keys to the latest
format.
The local Redis database schema is automatically updated by the installer, but nonlocal Redis databases must be manually updated by running the following command as root :
# /Library/Aspera/bin/asnodeadmin --db-update
- If you customized any of your Aspera startup scripts, make sure to update these backups and merge your changes into the newly installed versions.
-
For all upgrades: Validate aspera.conf.
The aspera.conf file is not overwritten during an upgrade and your configurations are preserved. However, the XML formatting, parameters, and acceptable values might have changed between your old version and new version. Run the following command to check aspera.conf for XML form and valid configuration settings:
$ /Library/Aspera/bin/asuserdata -v