Configuration scenario: Sharing with external colleagues

Edit online

If your team collaborates with vendors, contractors, or other colleagues in a different company by sharing access to a repository of files and folders, use this article to configure your organization. You'll use the Aspera on Cloud Files app to enable secure and permission-based sharing of folders among designated collaborators.

For example, perhaps your team is:
  • A news organization receiving files from dispersed reporters and content providers.
  • A production company distributing files to theaters in diverse locations.
  • A team of scientists collaborating with researchers at a distant university to study the feasibility of exploratory mining in a given site.
  • Part of a production company sharing assets with vendors who provide coloration or other services.
  • A medical research group sharing large sets of genomic data files with scientific collaborators at remote sites.

Aspera proposes a workspace like this. This setup is flexible of course, and you can adapt it for your specific needs.

Your AoC organization: Overview

Edit online

Your Aspera on Cloud (AoC) organization is the primary container and administrative unit in your AoC subscription.

Customize your URL to brand your org

You can name your org and configure the subdomain of the URL that users will browse to access your org. For example, if your company name is Award Films, you can choose to use the URL awardfilms.ibmaspera.com. For details on this one-time-only configuration, see Customize your organization URL, name, and logo.

Your users collaborate in a workspace

A workspace is a digital space where designated members can collaborate. Each workspace is a collection of specific users, files and folders, access permissions, and collaboration rules. The users, files, and folders in one workspace are completely separate from those in another workspace. You'll configure a workspace in Procedure 2 below.

Users in a given workspace can collaborate freely with other members of the same workspace. By default, workspace members can also collaborate with users outside the workspace. But the admin can restrict that privilege if necessary; see Procedure 3 below.

Your files and folders are in IBM Cloud storage

Each Aspera on Cloud subscription includes one built-in, Aspera-managed auto-scale transfer cluster attached to storage in IBM Cloud.

This Aspera transfer cluster (also called ATS, Aspera transfer service; sometimes called a node) is the engine that AoC uses to upload and download your files and folders to and from your built-in IBM Cloud storage. ATS is hosted and managed by IBM Aspera.

The built-in IBM Cloud storage hosts your organization workspace, including the content your users upload and share using the Files app. As an admin, you can also upload content directly to this storage and then make that content available to your users. (Storage capacity depends on your AoC subscription tier.) See procedure 4 below.

The access credentials (access key and secret) for this transfer cluster and storage are delivered to the administrator who first created the AoC organization. You should retrieve and securely store the access credentials; they allow you to access and manage your IBM Cloud storage.

Note: You can attach your own local or cloud storage to Aspera on Cloud and then share storage contents with workspace users, but that process is not covered in this document; see articles in the Nodes section of this Help Center.

Process overview

Edit online

These are the high-level steps required to configure the scenario shown in the graphic in the opening section of this article; detailed procedures follow. Adapt as needed for your own requirements.

Use the AoC Admin app to:

  1. Create groups of users, both internal and external, to simplify and accelerate user management.
  2. Configure the workspace in which your groups will collaborate. Add your internal user groups as workspace members.
  3. (Optional) Configure the Files app to allow your workspace members to collaborate with your designated external groups only. This configuration is by no means required, but provides content security for your proprietary assets.
  4. Create the folders in which your internal and external groups will collaborate; share the folders with your groups, assigning specific permissions to allow them access while preserving content security.
  5. (Optional) Configure notifications to alert internal users when new content appears in their folders.
Important: As an admin, you must provide a transfer method for your users. You can do either of the following:
  • Notify your users that they will be prompted to download and install IBM Aspera Connect, the free, lightweight client app that enables high-speed transfers between the AoC app and the user desktop. For most browsers, users must also install a browser extension on each browser they use to access Aspera on Cloud. See Installation.
  • Configure the IBM Aspera HTTP Gateway, then attach it to Aspera on Cloud. This transfer method does not require users to download and install the Aspera Connect client.

1. Create groups to accelerate user management

Edit online
Use the AoC Admin app to create groups and add members to each group. You can add group members as follows:
  • Add users who are already members of your AoC organization. You'll see their names or email addresses auto-filling in the Add members dialog.
  • Add users who are not part of your AoC org. When you add new users to a group, you simultaneously add them as members of the organization.
  1. Go to the Admin app by clicking the app switcher and selecting Admin.
  2. Go to Groups > Create new.
  3. Give the group a name; for example, Group 1.
  4. Click Save.

    You have created the group; now add members to it.

  5. Click Members > Add members.
  6. Enter user names or email addresses for these group members and click Add. You can add multiple members in one operation.
  7. Repeat this procedure for the additional groups:
  • Group 2 (external group: Vendor A users)
  • Group 3 (internal users who collaborate with Vendor B)
  • Group 4 (external group: Vendor B users)

After you create the four groups, your Aspera on Cloud org looks like this:

2. Configure the workspace for user collaboration

Edit online

Now set up the workspace and make your internal groups workspace members.

Every AoC subscription is configured with one default workspace. Aspera recommends that you rename and use your default workspace. Depending on your subscription, you may be able to create a new workspace.

  1. Go to Workspaces > Default workspace.
  2. Give this workspace a name that clearly indicates its purpose; for example, Project Alpha.
  3. Click Save.
  4. Click Members > Add member.
  5. In the Search for new members field, enter the names of your internal user groups; for example: Group 1, Group 3.
    Note: Add yourself as a workspace member so you can verify correct workspace configuration. You can revoke your membership later if desired.
    Important: Do not enter the names of the external groups.

    These external users become limited users in your AoC org. Limited users have no access to workspace content beyond what you specifically share with them; this limited access enhances security for the content in the workspace.

  6. Click Add.

You now have a workspace with your internal groups as members.

2a. Disable the Packages app in your workspace (optional)

Edit online

Both the Files and Packages apps are enabled by default. This workspace uses only the Files app, so disable the Packages app. You can re-enable it at any time.

Important: Before you perform this procedure, be sure that you have retrieved the access key for your built-in node and storage; the admin who created the AoC organization received the credentials in a digital package from Aspera Tech Support. You can re-enable the Packages app any time.
  1. If necessary, open your new workspace: Workspaces > Project Alpha.
  2. Click Applications > Packages.
  3. Clear the checkbox labeled Use global app settings.
  4. Clear the checkbox labeled Enable application.
  5. Click Save.

3. Configure the workspace Files app for secure collaboration (optional)

Edit online

In this optional procedure, you'll configure the following specific collaboration capabilities for your workspace members. If you don't need these additional controls and security, skip this procedure.

  • Allow workspace members to upload content only into the folders you designate. This configuration makes it easy for you to monitor storage usage and transfer volume.
  • Designate your external groups (Group 2 and Group 4) as the only external users your workspace members can share with. This configuration ensures content security.

Configure the Files app:

  1. Go to Workspaces > Project Alpha > Applications > Files.
  2. Clear the checkbox labeled Use global app settings.
  3. In Restrict usage, click the toggle labeled Members can upload to and create folders on their home folder to On.

    The home folder is the root level of the Files app. By preventing uploads to this root level, you ensure that users upload content only into the folders you create on the built-in IBM Cloud storage and share with the workspace (see Procedure 4); these are folders you can readily monitor. For details, see Managing storage usage.

  4. In Collaboration, do the following:
    1. Set Who can share folders via public links to No one.

      This setting prevents members from sharing folders with public users.

    2. Set Who are eligible external users to Only the following emails and groups.
    3. Click the Search field and enter the external vendor groups; for example, Group 2 and Group 4.
      This configuration ensures that workspace members can share folders only with each other and with your two external vendor groups.
  5. Click Save.

4. Create and share the collaboration folders with the groups

Edit online

Now set up folders on your IBM Cloud storage and share them with your groups, giving them the spaces to collaborate in. You'll give access and the required permissions to each group. Then you can upload the desired content to the folders, or allow the users with "Upload" permission to populate the folder content.

You'll need the node secret for this procedure. To find the secret, see Important note in procedure 2a.

Recall that this is the configuration goal:

Folder permissions

As you share, you'll assign permissions to each folder based on the group and their access needs. Aspera recommends the following permissions matrix. Adjust for your own situation and goals.

Note: If you don't need to restrict user actions on content in your folders, you can leave the default permission of "Can edit" in place for all folders. In this case, you can skip this table and simplify the following procedure to omit assigning permissions. For details, see Content permissions.
Folders Permissions
Group 1 Group 2 Group 3 Group4
Ingest from Vendor A
  • Browse
  • Download
  • Delete
  • Preview
  • Browse
  • Upload files
  • Create directory
 n/a n/a
Distro to Vendor A
  • Browse
  • Upload files
  • Create directory
  • Browse
  • Download
  • Delete
  • Preview
 n/a n/a
Ingest from Vendor B n/a n/a
  • Browse
  • Download
  • Delete
  • Preview
  • Browse
  • Upload files
  • Create directory
Distro to Vendor B n/a n/a
  • Browse
  • Upload files
  • Create directory
  • Browse
  • Download
  • Delete
  • Preview
To create and share folders, do the following:
  1. Go to Workspaces > Project Alpha > Applications > Files > Shared folders > Create new.
  2. In the Node access dialog that opens, select the intended node, enter your node secret, and click Log in.
  3. Create a folder for Group 1 to upload content for Group 2 to download:
    1. In the Choose folder to share dialog that opens, click Create folder.
    2. Name the folder "Distro to Vendor A", then click OK. The new folder appears in the list.
    3. Click to select this new folder, then click Submit. This action makes the folder a shared folder.

  4. Share the folder "Distro to Vendor A" with Group 1, giving your internal users permission to upload to this folder:
    1. Click the folder row to open it, then click Add member.
    2. Click the field that displays Can edit to display permission options.
    3. Select permissions for Browse, Upload, Create folders. Then click off the permission list to close it. The field displays "Custom."

      Permissions to "Distro to Vendor A" for Group 1 (workspace members who collaborate with Vendor A).

    5. In the field that displays Search for users or groups, enter Group 1.
    6. Click Add.
  5. Share the folder "Distro to Vendor A" with Group 2, giving your users from Vendor A permission to download from this folder.
    1. Click Add member.
    2. Click the field that displays Can edit to open the permission options.
    3. Select permissions for Browse, Download, Delete, and Preview. Then click off the permission list to close it. The field displays "Custom."

      Permissions to "Distro to Vendor A" for Group 2 (the users from Vendor A).

    4. In the field that displays Search for new members, enter Group 2.
  6. Repeat the previous steps to create the folder "Ingest from Vendor A" with Group 1 and Group 2, reversing the permissions as shown in the permissions matrix.
  7. Repeat these steps to create and share two more folders for collaboration with Vendor B, giving access and permissions to Group 3 and Group 4. Refer to the table in the section "Folder permissions".

Result: Your internal and external groups can see the folders you created, and access folder content according to the permissions you assigned. Users must go to the workspace you set up in Procedure 2, and access the Files app in that workspace.

5. Configure notifications

Edit online
By default, AoC sends email notifications to all users when they receive access to a shared folder. This means that the users in your internal and external groups receive an email with a link to access each folder you share.
Note: If internal users don't see the notifications, ask them to verify that they've enabled receipt of notifications in their Account Settings page. Both internal and external users may also need to add Aspera to their email contacts. See also "Troubleshooting Email Notifications".

You can also allow your internal users to configure a notification when content is added to a folder they need to monitor.

  1. Go to Workspaces > Project Alpha > Notifications.
  2. Click the toggle labeled Use organization settings to Off.
  3. Click the toggle labeledAllow users to turn on notifications for new shared folder content to On.
  4. Click Save.

Your internal users can now set notifications for themselves when new content is added to the folders they need to monitor. For a user procedure, see Set notifications for new content in a shared folder.

Results

Edit online
Your configuration work is done.
  • Members of your internal groups are members of your org and the workspace Project Alpha. Each member of each internal group receives four email notifications.
    • The first contains a link allowing them to join the organization by logging in and creating an account.
    • The second email contains a link to join the workspace. These are standard users in your org.
    • The third and fourth emails contain links the to two folders you shared with them.
  • In the workspace, your internal groups see two folders in their Files app. They can browse and upload content to the Distro folder, and browse, download, preview and delete content from the Ingest folder.
  • Members of your external groups receive two email notifications, each with a link to one of the two folders you shared with them. When they click the link, an AoC portal opens to allow them access to the folder according to the permissions you set.
  • The external group members do not see the workspace or any content beyond what has been shared with them. These are limited users in your org.