HSTS deployment and configuration

Deploy and configure HSTS

To deploy HSTS, you need a virtual or physical system, a CA-generated certificate, and the HSTS deployment and configuration scripts. You can deploy it using automation scripts or manual steps.

Automation script deployment

  1. Download IBM Aspera High-Speed Transfer Server.
  2. Download/request an Aspera Enterprise license and place it in the aspera-license folder.
  3. Copy the following files into a directory (can be any location as long as the files are in the same folder) of the target system where HSTS will be installed:
    1. Aspera license file (aspera-license)
    2. HSTS installer package (rpm, deb)
    3. Certificates (tls.crt, tls.key)
  4. Log in to the target system and run the following script to deploy HSTS:
    ./hstsctl-linux setup -l <location of packages, license and certificate> -n <node_user> -u <non_root_user> -p <desired HSTS node server password>
    
    e.g.  ./hstsctl-linux setup -l /root -n node001 -u xfer -p testpassword1234
    Alternatively, you can run this setup on a remote machine using remote-run:
    Note: In this case, the -l flag represents the location of the packages, license, and certificate on your current machine, not the target machine. remote-run will transfer the files to the remote machine.
    ./hstsctl-macos setup remote-run -l <location of packages, license and certificate> -u <non_root_user> -n <HSTS_node_user> -p <HSTS_node_password> -H <remote hostname to SSH into> -U <SSH username> -P <SSH password>
    
    e.g. ./hstsctl-macos setup remote-run -l /root -n node001 -u xfer -H 1.23.45.678 -p desiredhstspassword12 -U root -P rootpassword
    Important: The hstsctl-macos and hstsctl-linux binaries are both required when using remote-run from macOS. The hstsctl-macos binary will copy the hstsctl-linux binary to the remote machine and execute it there.
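
A preflight check for the staging directory from step 3, written as an added example that is not part of the IBM tooling. It confirms the directory holds the license, an installer package, and a tls.crt/tls.key pair that match before the setup script is run. The function names are hypothetical, and the license is assumed to be a file or folder named aspera-license.

```shell
#!/bin/sh
# Added example: preflight for the directory passed to `hstsctl-linux setup -l`.
# Assumption: the license is a file or folder named "aspera-license".

# True if the directory holds at least one .rpm or .deb installer package.
has_installer() {
  for f in "$1"/*.rpm "$1"/*.deb; do
    [ -f "$f" ] && return 0
  done
  return 1
}

# Prints one line per problem; returns 0 only when the directory is ready.
check_hsts_staging() {
  dir=$1; problems=0
  fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

  [ -e "$dir/aspera-license" ] || fail "aspera-license not found"
  has_installer "$dir" || fail "no .rpm or .deb installer package"
  [ -f "$dir/tls.crt" ] || fail "tls.crt not found"
  [ -f "$dir/tls.key" ] || fail "tls.key not found"

  if [ -f "$dir/tls.crt" ] && [ -f "$dir/tls.key" ]; then
    # The private key must not be accessible to group or others.
    [ "$(ls -ld "$dir/tls.key" | cut -c5-10)" = "------" ] ||
      fail "tls.key is accessible to group/others (chmod 600)"
    # Certificate and key must carry the same public key.
    cert_pub=$(openssl x509 -in "$dir/tls.crt" -noout -pubkey 2>/dev/null) || :
    key_pub=$(openssl pkey -in "$dir/tls.key" -pubout -passin pass: 2>/dev/null) || :
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
      fail "tls.crt or tls.key is not readable PEM (or the key is encrypted)"
    elif [ "$cert_pub" != "$key_pub" ]; then
      fail "tls.crt does not match tls.key"
    fi
    # -checkend 0 fails when the certificate has already expired.
    [ -z "$cert_pub" ] || openssl x509 -in "$dir/tls.crt" -noout -checkend 0 >/dev/null 2>&1 ||
      fail "tls.crt has expired"
  fi
  [ "$problems" -eq 0 ]
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then check_hsts_staging "$1"; fi
```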

Configure HSTS for AEJD

  1. Go to Admin > Integration > Aspera node services > Create new to get a registration token.
  2. Run the following script to configure HSTS so that its events are delivered to AEW:
    ./hstsctl-macos aejd remote-run -H <HSTS host> -t <Registration token> -U <ssh_user> -P <ssh_password> -o -s <Fully qualified "IBM Aspera Enterprise Webapps" domain name>
    
    e.g. ./hstsctl-macos aejd remote-run -H hsts.99599.asperatest.net -U root -P rootpassword -s demo.asperatest.net -t gmwbdfpkrmykyorhracseazkkzdlarfu -o
    Important: If you enabled custom certificates using asctl enableCustomCert (with or without a PEM path), run hstsctl aejd with either -k or --insecure, for example:
    ./hstsctl-macos aejd remote-run -H hsts.99599.asperatest.net -U root -P rootpassword -s demo.asperatest.net -t gmwbdfpk -k
If you need to manually deploy HSTS, refer to the HSTS manual deployment section.