Before you begin

You must complete the preinstallation requirements before you can deploy the High-Speed Transfer Server (HSTS). There are also various optional preinstallation tasks that you might want to perform. Then, you can use the IBM Cloud Pak Platform UI to deploy the server.

Aspera security considerations

HSTS file transfers do not include anti-virus and malware scanning before or after the transfer. If your business security requirements include anti-virus and anti-malware scanning, you must implement a separate process for the scan before you transfer files in HSTS.

HSTS can restrict upload and transfer by file extension type. If your business requirements include this level of restriction, you must create policies for transfer file types and extensions by using the Node API. For more information, see Aspera Node API.

Preinstallation requirements

Note: When deploying multiple HSTS instances, you must use a unique name for each namespace that you create, because the cluster doesn’t allow using the same name.

For guidance on OpenShift resource requirements, see Resource requirements.

The following items are prerequisites for installing the Aspera High-Speed Transfer Server operator:

IBM Cloud Pak® for Integration
Install Cloud Pak for Integration. See Overview – Installation.
Aspera license
Obtain an Aspera license. To do so, email aspera-license@ibm.com with the sales order number and number of VPCs for HSTS.
You can also get an evaluation license key from the IBM sales team.
Note: To obtain full HSTS performance you need an Aspera production environment license.
OpenShift
Version 4.7.0 or later.
OpenShift CLI
Install the OpenShift CLI. For more information about installing the CLI, see Getting started with the OpenShift CLI in the OpenShift documentation.
kubectl
Install and configure kubectl with access to your cluster.
Project (Namespace)
Create a namespace for HSTS by using the OpenShift web console or the OpenShift CLI.
Using the OpenShift web console:
  1. Log in to your Red Hat OpenShift web console as a cluster administrator.
  2. Go to Home > Projects and click Create Project.
Using the command line:
  1. Log in to your Red Hat OpenShift web console as a cluster administrator. Click the question mark (?) on the menu, then click Command line tools > Copy login command > Display Token and copy the login token to use in the next step.
  2. Run the following command, entering the applicable values for the placeholders your_token and your_server:port:
    oc login --token=your_token --server=your_server:port
  3. Run the following command to create a project, entering the project name that you want as the value for the placeholder project-name:
    oc new-project project-name

    Repeat this step for each project that you need to create.

IBM entitlement key and secret
Obtain an IBM entitlement key, and create a secret for it.
  1. Go to Access your container software.
  2. Select Get entitlement key, click Copy key, and save it according to your local security practices.
  3. Create a secret for your IBM entitlement key, for the cluster in your namespace. Use this command syntax, where you enter the values for your entitlement key and HSTS namespace:
    export IBM_ENTITLEMENT_USER=cp
    export IBM_ENTITLEMENT_KEY=my_entitlement_key
    oc create secret docker-registry ibm-entitlement-key \
    --docker-username="$IBM_ENTITLEMENT_USER" \
    --docker-password="$IBM_ENTITLEMENT_KEY" \
    --docker-server=cp.icr.io \
    -n my_namespace
Cluster-scoped permissions
See Cluster-scoped permissions required by the Aspera HSTS operator.

Optional: Create a Persistent Volume Claim

The HSTS operator automatically creates a Persistent Volume Claim (PVC), of the class hsts-transfer-pvc.

However, if you choose to create your own PVC, or your own credentials, you must do so before installing an instance of HSTS.
CAUTION:
If you create your own PVC, you need a minimum capacity of 2k IOPS for HSTS transfers.

To create a PVC with your own specifications:

  1. Create a pvc.yaml file with the required configuration.

    Note that the storage class in this example is unique to IBM Cloud. When OpenShift is deployed on other public clouds, there are different storage classes.

    Open the OpenShift web console and click Storage in the navigation menu to find what storage classes are available. You must use a storage class with a name that ends in -gid (for supplemental group ID).

    In this example, storage is set to 100Gi (100 Gigabytes) and storageClassName is set to hsts-transfer-pvc:
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: hsts-transfer-pvc
    spec:
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 100Gi
      storageClassName: hsts-transfer-pvc-gid
  2. Create a reserve disk by using this syntax:
    oc apply -f pvc.yaml -n MY_NAMESPACE
  3. Save your PVC name (which is defined in the YAML file with name) in a convenient place, according to your local security practices. You will need it later to mount the storage to your pod.

Optional: Create an Aspera node credentials secret

The HSTS operator automatically creates the HSTS Node API credentials that you need to use when configuring HSTS with a Node API access key and secret, and that are required for doing file transfers with your HSTS instance. The credentials consist of a unique Node API username and password, which are stored in a secret called your_deployment_name-asperanoded-admin.

However, if you choose to create your own Node API user and password credentials, follow these steps:

  1. Run this command and store the secret according to your local security practices. If you copy and paste the command, make sure to edit the values NODE_USER and NODE_PASS. In this example, the password value NODE_PASS is set to a UUID generated by the uuidgen command:
    Note: This password is not secure as it does not comply with the security best practices. This password is only an example for this documentation.
    oc create secret generic asperanoded-creds --from-literal=NODE_USER=nodeuser --from-literal=NODE_PASS=`uuidgen` -n aspera
  2. If you skip this step, a default credential with a random password is created. The default secret is saved under the key <instancename>-asperanoded-admin. You can assign your instance name to the variable $INSTANCE_NAME. To assign your instance name to the variable, run this command:
    INSTANCE_NAME=`oc get IbmAsperaHsts -n aspera -o jsonpath='{.items[0].metadata.name}'`
    Note: If you didn't change your instance name, the default name of the instance is quickstart.
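
The note in step 1 says that the uuidgen value is not a secure password. As an added example (not part of the IBM documentation), these shell functions draw the password from /dev/urandom and send the secret to the cluster as a manifest on standard input, so the password is not passed as a command-line argument. The function names and the --apply switch are assumptions of this example; the secret name, keys, user, and namespace are the ones used in step 1.

```shell
# Added example, not IBM's procedure. Function names and the --apply switch
# are assumptions; secret name, keys, user and namespace come from step 1.

# gen_node_pass [LENGTH]: print LENGTH (default 32) letters and digits drawn
# from /dev/urandom. tr discards unwanted bytes, so there is no modulo bias.
gen_node_pass() (
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
)

# render_secret USER PASS NAMESPACE: print a Secret manifest on stdout.
# printf is a builtin in bash and dash, so the values stay out of the
# process list.
render_secret() (
  user_b64=$(printf '%s' "$1" | base64 | tr -d '\n')
  pass_b64=$(printf '%s' "$2" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: asperanoded-creds
  namespace: $3
type: Opaque
data:
  NODE_USER: $user_b64
  NODE_PASS: $pass_b64
EOF
)

# create_node_secret USER NAMESPACE: generate a password and apply the
# secret; the manifest reaches oc on stdin only.
create_node_secret() (
  pass=$(gen_node_pass 32)
  render_secret "$1" "$pass" "$2" | oc apply -f -
)

# Contact the cluster only when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
  create_node_secret nodeuser aspera
fi
```

Run the script with --apply after oc login. To read the password back when you configure the Node API access key, use oc get secret asperanoded-creds -n aspera -o jsonpath='{.data.NODE_PASS}' | base64 -d.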

Next

You can use either the IBM Cloud Pak Platform UI or OpenShift web console to deploy the HSTS operator, after which you must use OpenShift to configure and instantiate HSTS: