Server Setup in Amazon EC2/Amazon S3
If you have an Aspera consumption-based entitlement, the server can be installed on an instance in Amazon EC2/Amazon S3 and run as a self-managed, cloud-based server that enables high-speed transfers with your Amazon S3 storage.
About this task
Prerequisites:
- You have Amazon EC2 and Amazon S3 subscriptions. Using the IAM service is optional but recommended.
- You can SSH into your Amazon EC2 instance as root. For instructions, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstances.html.
- The Linux Kernel on your server is 2.6.34 or higher. Run the
following command to confirm:
$ uname -a
Set up Amazon EC2 and Create an Instance
About this task
Procedure
-
Create an IAM role that has an EC2 Trust Relationship (recommended).
For more information, see Using Amazon S3 IAM Roles.
-
Create a key pair by using the EC2 Console.
For instructions, see:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-key-pair
Warning: You must save the private key file when it is created in the AWS management console; this is the only time it is available. If you lose your private key, you cannot access your instance. -
Create a security group that allows inbound connections on TCP/22,
TCP/33001, and UDP/33001.
For more information on managing security groups, see:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
-
Launch an EC2 instance.
For instructions, see:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html#ec2-launch-instance_linux
On the Configure Instance Details page, specify the IAM role and security group you prepared.
-
Gather information for connecting to your instance.
To connect to your instance using any method other than the Amazon EC2 Console, retrieve the following information:
- Instance ID - See the Amazon EC2 Console Instance ID column.
- Public DNS name of the instance - See the Amazon EC2 Console Public DNS (IPv4) column. If this column is hidden, click the Show/Hide icon and select Public DNS (IPv4).
- Fully qualified path of the .pem file (the private key) for the instance key pair.
-
Prepare to SSH into your instance.
From the command line, change directories to the one containing your private key file. Change permissions on the private key file to ensure that it is not publicly viewable. For example, if your private key file is user1_key.pem, run the following command:
# chmod 400 /filepath/user1_key.pem
If you are using a third party to access S3, you might want to verify your RSA key fingerprint when you SSH into your instance. Get the fingerprint from your machine by running the following command:
# ssh-keygen -lf /filepath/user1_key.pem
-
SSH into your instance.
# ssh -i /filepath/private_key.pem ec2-user@public_DNS_name
If desired, confirm the RSA key fingerprint returned in the output matches that of your machine (see previous step), then enter
yes
. The output announces that the instance is now a known host.Once connected, elevate to root privileges:
$ sudo -i
-
Update sshd_config to enable port 33001 and password
authentication.
Edit /etc/ssh/sshd_config and make the following changes:
- Enable TCP/33001 by adding the text
Port 33001
. For example,... Port 22 Port 33001
- Enable password authentication by uncommenting the line
#PasswordAuthentication no
and changing the value toyes
. For example,... PasswordAuthentication yes
Save your changes.
- Enable TCP/33001 by adding the text
-
Restart the sshd service to activate the changes.
# systemctl sshd restart
-
Configure the local firewall.
Ensure that the local firewall is configured to support Aspera. Allow inbound connections on TCP/22, TCP/33001, and UDP/33001.
-
Verify that /etc/hosts contains an
entry for
127.0.0.1 localhost
. -
Disable SELinux.
For instructions, see Disabling SELinux.Warning: If this procedure is done incorrectly, you system might be unable to boot.
Install, Configure, and Enable the Aspera Server
Procedure
- Install HSTS on your VMI.
-
Create Aspera system user accounts and set passwords.
HSTS uses the system accounts to authenticate connections and these must be in place before you can transfer.
-
Enable your entitlement and register by running the following commands:
# /opt/aspera/bin/asalee-config.sh enable # systemctl asperanoded restart # /opt/aspera/bin/alee-admin register customer_ID entitlement_ID
To entitle Faspex (v.3.7.8+), Shares (v.1.7.3+), or Console (v.2.3.2+), run the corresponding command.- To entitle
Faspex:
# export RAILS_ENV=production # asctl faspex:rake entitlement:config_license_server EL_KEY="entitlement_id" EL_CUSTOMER_ID="customer_id"
- To entitle
Shares:
# /opt/aspera/shares/bin/run bash -c 'cd /opt/aspera/shares/u/shares && RAILS_ENV=production bundle exec rake aspera:ami:entitlement:config_license_server EL_KEY="entitlement_id" EL_CUSTOMER_ID="customer_id"
- To entitle Console:
# cd /opt/aspera/console/ # export RAILS_ENV=production # export PATH=/opt/aspera/common/ruby/bin:$PATH # aspera:ami:entitlement:license_mode_on* # rake aspera:ami:entitlement:config_license_server EL_KEY="entitlement_id" EL_CUSTOMER_ID="customer_id"
- To entitle
Faspex:
-
Enable the Aspera Trapd service by running the following command:
# /opt/aspera/bin/astrap-config.sh enable
-
Set the transfer user's docroot to S3 storage.
Run the following command, using this docroot syntax if you are using an IAM role.
# asconfigurator -x "set_user_data;user_name,username;absolute,
s3://s3.amazonaws.com/my_bucket/
"Restart asperanoded to activate your changes:
-
Run a test transfer.
Use HSTS, IBM Aspera High-Speed Transfer Endpoint, or IBM Aspera Desktop Client (or IBM Aspera Connect if you install IBM Aspera Shares, IBM Aspera Faspex, or HSTS on your instance) to run test transfers with your Aspera server on Amazon S3. On your local machine, run the following command:
# ascp -P 33001 --policy=fair -l 10000 local_filepath username@gc_instance_ip_address:/
Where local_filepath is a directory on the local machine with the files you want to transfer to Amazon S3. If your set up and transfer command are successful, files appear in your Amazon S3 bucket .