Server Setup in Amazon EC2/Amazon S3

If you have an Aspera consumption-based entitlement, the server can be installed on an instance in Amazon EC2/Amazon S3 and run as a self-managed, cloud-based server that enables high-speed transfers with your Amazon S3 storage.

About this task

Prerequisites:

Set up Amazon EC2 and Create an Instance

About this task

Use the AWS Management Console to prepare an instance to host your Aspera server.

Procedure

  1. Create an IAM role that has an EC2 Trust Relationship (recommended).
    For more information, see Using Amazon S3 IAM Roles.
  2. Create a key pair by using the EC2 Console.
    For instructions, see:

    http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-key-pair

    Warning: You must save the private key file when it is created in the AWS management console; this is the only time it is available. If you lose your private key, you cannot access your instance.
  3. Create a security group that allows inbound connections on TCP/22, TCP/33001, and UDP/33001.
    For more information on managing security groups, see:

    http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

  4. Launch an EC2 instance.
    For instructions, see:

    http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html#ec2-launch-instance_linux

    On the Configure Instance Details page, specify the IAM role and security group you prepared.

  5. Gather information for connecting to your instance.
    To connect to your instance using any method other than the Amazon EC2 Console, retrieve the following information:
    • Instance ID - See the Amazon EC2 Console Instance ID column.
    • Public DNS name of the instance - See the Amazon EC2 Console Public DNS (IPv4) column. If this column is hidden, click the Show/Hide icon and select Public DNS (IPv4).
    • Fully qualified path of the .pem file (the private key) for the instance key pair.
  6. Prepare to SSH into your instance.
    From the command line, change directories to the one containing your private key file. Change permissions on the private key file to ensure that it is not publicly viewable. For example, if your private key file is user1_key.pem, run the following command:
    # chmod 400 /filepath/user1_key.pem

    If you are using a third party to access S3, you might want to verify your RSA key fingerprint when you SSH into your instance. Get the fingerprint from your machine by running the following command:

    # ssh-keygen -lf /filepath/user1_key.pem
  7. SSH into your instance.
    # ssh -i /filepath/private_key.pem ec2-user@public_DNS_name

    If desired, confirm the RSA key fingerprint returned in the output matches that of your machine (see previous step), then enter yes. The output announces that the instance is now a known host.

    Once connected, elevate to root privileges:

    $ sudo -i
  8. Update sshd_config to enable port 33001 and password authentication.
    Edit /etc/ssh/sshd_config and make the following changes:
    • Enable TCP/33001 by adding the text Port 33001. For example,
      ...
      Port 22
      Port 33001
    • Enable password authentication by uncommenting the line #PasswordAuthentication no and changing the value to yes. For example,
      ...
      PasswordAuthentication yes

    Save your changes.

  9. Restart the sshd service to activate the changes.
    # systemctl sshd restart
  10. Configure the local firewall.
    Ensure that the local firewall is configured to support Aspera. Allow inbound connections on TCP/22, TCP/33001, and UDP/33001.
  11. Verify that /etc/hosts contains an entry for 127.0.0.1 localhost.
  12. Disable SELinux.
    For instructions, see Disabling SELinux.
    Warning: If this procedure is done incorrectly, you system might be unable to boot.

Install, Configure, and Enable the Aspera Server

Procedure

  1. Install HSTS on your VMI.
  2. Create Aspera system user accounts and set passwords.
    HSTS uses the system accounts to authenticate connections and these must be in place before you can transfer.
  3. Enable your entitlement and register by running the following commands:
    # /opt/aspera/bin/asalee-config.sh enable
    # systemctl asperanoded restart
    # /opt/aspera/bin/alee-admin register customer_ID entitlement_ID
    To entitle Faspex (v.3.7.8+), Shares (v.1.7.3+), or Console (v.2.3.2+), run the corresponding command.
    • To entitle Faspex:
      # export RAILS_ENV=production 
      # asctl faspex:rake entitlement:config_license_server EL_KEY="entitlement_id" EL_CUSTOMER_ID="customer_id"
    • To entitle Shares:
      # /opt/aspera/shares/bin/run bash -c 'cd /opt/aspera/shares/u/shares && RAILS_ENV=production bundle exec rake aspera:ami:entitlement:config_license_server EL_KEY="entitlement_id" EL_CUSTOMER_ID="customer_id"
    • To entitle Console:
      # cd /opt/aspera/console/ 
      # export RAILS_ENV=production 
      # export PATH=/opt/aspera/common/ruby/bin:$PATH 
      # aspera:ami:entitlement:license_mode_on*
      # rake aspera:ami:entitlement:config_license_server EL_KEY="entitlement_id" EL_CUSTOMER_ID="customer_id"
  4. Enable the Aspera Trapd service by running the following command:
    # /opt/aspera/bin/astrap-config.sh enable
  5. Set the transfer user's docroot to S3 storage.
    Run the following command, using this docroot syntax if you are using an IAM role.
    # asconfigurator -x "set_user_data;user_name,username;absolute,s3://s3.amazonaws.com/my_bucket/"

    Restart asperanoded to activate your changes:

  6. Run a test transfer.
    Use HSTS, IBM Aspera High-Speed Transfer Endpoint, or IBM Aspera Desktop Client (or IBM Aspera Connect if you install IBM Aspera Shares, IBM Aspera Faspex, or HSTS on your instance) to run test transfers with your Aspera server on Amazon S3. On your local machine, run the following command:
    # ascp -P 33001 --policy=fair -l 10000 local_filepath username@gc_instance_ip_address:/

    Where local_filepath is a directory on the local machine with the files you want to transfer to Amazon S3. If your set up and transfer command are successful, files appear in your Amazon S3 bucket .