Server Setup in Amazon EC2/Amazon S3

If you have an Aspera consumption-based entitlement, the server can be installed on an instance in Amazon EC2/Amazon S3 and run as a self-managed, cloud-based server that enables high-speed transfers with your Amazon S3 storage.

Prerequisites:

You have Amazon EC2 and Amazon S3 subscriptions. Using the IAM service is optional but recommended.
You can login to your Amazon EC2 instance as an administrator, either through a Remote Desktop Protocol (RDP) or Powershell command line. For instructions, see http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html. Your instance must be configured to allow inbound RDP traffic.

Set up Amazon EC2 and Create an Instance

Use the AWS Management Console to prepare an instance to host your Aspera server.

Create an IAM role that has an EC2 Trust Relationship (recommended).
For more information, see Using Amazon S3 IAM Roles.
Create a key pair by using the EC2 Console.
For instructions, see:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html#create-a-key-pair

Warning: You must save the private key file when it is created in the AWS management console; this is the only time it is available. If you lose your private key, you cannot access your instance.
Create a security group that allows inbound connections on TCP/22, TCP/33001, and UDP/33001.
For more information on managing security groups, see:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
Launch an EC2 instance.
For instructions, see:
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/launching-instance.html

On the Configure Instance Details page, specify the IAM role and security group you prepared.
Gather information for connecting to your instance.
To connect to your instance using any method other than the Amazon EC2 Console, retrieve the following information:
- Instance ID - See the Amazon EC2 Console Instance ID column.
- Public DNS name of the instance - See the Amazon EC2 Console Public DNS (IPv4) column. If this column is hidden, click the Show/Hide icon and select Public DNS (IPv4).
- Fully qualified path of the .pem file (the private key) for the instance key pair.
- IPv6 address (only if you want to connect by using its IPv6 address) - See the Amazon EC2 Console IPv6 IPs column. The local computer must also have an IPv6 address and be configured to use IPv6.
Login to your instance through RDP or Powershell.
Configure the local firewall.
Ensure that the local firewall is configured to support Aspera. Allow inbound connections on TCP/22, TCP/33001, and UDP/33001.
Verify that C:\Windows\System32\Drivers\etc\hosts contains an entry for 127.0.0.1 localhost.

Install, Configure, and Enable the Aspera Server

Install HSTS on your VMI.

During installation, select Custom and enable the ALEE and Trap services.
Create Aspera system user accounts and set passwords.
HSTS uses the system accounts to authenticate connections and these must be in place before you can transfer.
Update sshd_config to enable port 33001 and password authentication.
Edit C:\Program Files\Aspera\Enterprise Server\etc\sshd_config and make the following changes:
- Enable TCP/33001 by adding the text Port 33001. For example,
```
...
Port 22
Port 33001
```
- Enable password authentication by uncommenting the line #PasswordAuthentication no and changing the value to yes. For example,
```
...
PasswordAuthentication yes
```
Save your changes.
Restart the sshd service to activate the changes.
Click Start > Control Panel > Administrative Tools > Services . Locate the OpenSSH Service and click Restart.
Set the transfer user's docroot to S3 storage.
Run the following command, using this docroot syntax if you are using an IAM role.
```
# asconfigurator -x "set_user_data;user_name,username;absolute,s3://s3.amazonaws.com/my_bucket/"
```
Restart the Aspera Node Service to activate your changes:

Restart asperanoded to activate the change: Go to Control Panel > Administrative Tools > Services, click Aspera NodeD, and click Restart.
```
> systemctl asperanoded restart
```
Run a test transfer.
Use HSTS, IBM Aspera High-Speed Transfer Endpoint, or IBM Aspera Desktop Client (or IBM Aspera Connect if you install IBM Aspera Shares, IBM Aspera Faspex, or HSTS on your instance) to run test transfers with your Aspera server on Amazon S3. On your local machine, run the following command:
```
> ascp -P 33001 --policy=fair -l 10000 local_filepath username@gc_instance_ip_address:/
```
Where local_filepath is a directory on the local machine with the files you want to transfer to Amazon S3. If your set up and transfer command are successful, files appear in your Amazon S3 bucket .