Installing HSTE

To install HSTE, log in to your computer with root permissions.

Attention: The sudo package must be installed on your Unix system to allow specific IBM Aspera applications to run specific privileged operations.
Important: If this is a product upgrade, review all prerequisites that are in Before upgrading or downgrading.
  1. Download HSTE from Fix Central.
    If you need help to determine your firm's access credentials, contact your Aspera account manager.
  2. For product upgrades, ensure that you prepared your system to upgrade to a newer version.
    Although the installer performs your upgrade automatically, you must complete the tasks that are described in Before upgrading or downgrading to not get installation errors or losing your former configuration settings.
  3. Run the installer.
    Double-click the installer package and follow the on-screen instructions.
    Note: If the installer hangs during installation, another Aspera product might be running on your computer. To stop all FASP transfer-related applications and connections, see Before upgrading or downgrading.
  4. If you are using a perpetual license, activate your license.
    1. Go to the license file and rename it aspera-license. The default location is the Downloads folder.
    2. In the Finder menu bar, select Go > Go to Folder, and enter /Library. Next go to Library > Aspera > etc and copy or drag the license file.
    3. Enter the administrator username and password to allow Finder the permission to move the file.
  5. If you are using an entitlement, set it up.
    Run the following commands to start the ALEE service, restart reloadasperanoded, and register your entitlement:
    $ sudo /Library/Aspera/bin/asalee-config.sh enable 
    $ sudo /Library/Aspera/bin/alee-admin register customer_id entitlement_id 
    $ sudo launchctl unload /Library/LaunchDaemons/com.aspera.asperanoded.plist 
    $ sudo launchctl load /Library/LaunchDaemons/com.aspera.asperanoded.plist
    

    The output information includes when the Aspera entitlement server was reached.

    Verify that you can now reach the Aspera entitlement server with the following command:
    $ curl -i https://api.ibmaspera.com/metering/ping
    The output must include HTTP/1.1 200 OK.
  6. Start the HSTE application. In Finder go to Applications > IBM High-Speed Transfer Endpoint. Double-click to start HSTE.
  7. Start the HSTE application. In Finder go to Applications > IBM High-Speed Transfer Endpoint. Double-click to start HSTE.
  8. Edit OpenSSH authentication methods.
    1. Open your SSH Server configuration file from /etc/ssh/sshd_config with a text editor.
    2. To allow public key authentication, set PubkeyAuthentication to yes. To allow password authentication, set PasswordAuthentication to yes.
      Important: macOS servers must have PasswordAuthentication set to yes.

      For example,

      ... PubkeyAuthentication yes 
      PasswordAuthentication yes ...
    3. Enable SSH-based services.
      The System Integrity Protection feature in Mac OSX blocks SSH-based services, which are required for Aspera transfers. To enable Aspera services, uncomment the setting PermitUserEnvironment and change the value to yes.
    4. Save the file and restart the SSH server to apply the new settings.
      Restarting your SSH server does not affect currently connected users. Click Apple menu > System Preferences > Sharing. Clear and then reselect Remote Login from the left panel. In the Allow access for: option, select All users, or specify individual user accounts for the FASP connections.
    5. To further secure your SSH Server, see Configuring the SSH Server.
  9. Set the SSH path for transfer users.
    1. Create a file named environment for every transfer user in the following location:
      /Users/username/.ssh/
    2. Paste the following content into the file:
      PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin:/usr/local/bin:/opt/pkgconfig/bin:/Library/Aspera/bin:/Library/Aspera/sbin

      This sets the PATH variable for remote connections.

    3. To allow local transfer users to run ascp commands, paste the same content, prefaced with export into the following file (which you might need to create):
      /Users/username/.zshrc_profile
      Note: Create a .bash_profile if the user's configured shell is bash. Run:
      /Users/username/.bash_profile
  10. Secure your server or update your existing configuration.
    1. Configure your firewall. See Configuring the firewall.
    2. Change and secure the TCP port. See Configuring the SSH Server.
    3. Determine whether you want to use server-side encryption at rest. See Server-Side Encryption-at-Rest (EAR) for instructions on configuring in the GUI or Server-Side Encryption-at-Rest (EAR) for instructions on configuring the encryption from the command line.

Upgrade follow up

  1. After the upgrade, you must manually start asperawatchd or asperawatchfolderd services. The installer does not automatically migrate these services for users other than root .
  2. If the Redis database is run on another system: Update the KV store keys to the latest format.
    The local Redis database schema is automatically updated by the installer, but nonlocal Redis databases must be manually updated by running the following command as root :
    # /Library/Aspera/bin/asnodeadmin --db-update
  3. If you customized any of your Aspera startup scripts, make sure to update these backups and merge your changes into the newly installed versions.
  4. For all upgrades: Validate aspera.conf.
    The aspera.conf file is not overwritten during an upgrade and your configurations are preserved. However, the XML formatting, parameters, and acceptable values might have changed between your old version and new version. Run the following command to check aspera.conf for XML form and valid configuration settings:
    $ /Library/Aspera/bin/asuserdata -v