IBM Aspera High-Speed Transfer Server transformation guide

Migrate an on-premises IBM Aspera High-Speed Transfer Server (HSTS) deployment to IBM Cloud Pak for Integration. Take advantage of a containerized deployment on the Red Hat OpenShift Container Platform. You also have the option to allocate and reallocate purchased VPCs across any of Cloud Pak for Integration's other capabilities.

Prepare for your migration

Before migrating an on-premises HSTS to Cloud Pak for Integration, ensure that you:
  • Have a cluster on the OpenShift Container Platform.
  • Already installed Cloud Pak for Integration and deployed the HSTS operator (IBM Aspera HSTS) on that cluster.
  • Completed the preinstallation steps described in Before you begin.
  • Have a basic knowledge of the HSTS domain.

Migrate

To migrate your on-premise IBM Aspera HSTS deployment to CP4I, follow these procedures, in the order given:

  1. Backing up your existing on-premise IBM Aspera HSTS deployment
  2. Acquiring an IBM Aspera Cloud Pak for Integration license file
  3. Creating the Kubernetes secrets in the cluster
  4. Installing the IBM Aspera HSTS operator
  5. Deploying an instance of high speed transfer server
  6. Optional: Verifying Redis migration
  7. Verifying successful migration

Backing up your existing on-premise IBM Aspera HSTS deployment

Back up your existing deployment:

  1. Stop or wait for the HSTS active FASP transfers complete the operation.
  2. Stop the asperanoded service.
  3. Create the Redis backup file by running the following command:
    <HSTS_INSTALLATION_DIRECTORY>/bin/asredis -p 31415 BGREWRITEAOF
  4. Go to the directory <HSTS_INSTALLATION_DIRECTORY> and back up the appendonly.aof and aspera.conf files that are inside the etc and var folders.

For more information, see Before Upgrading or Downgrading.

Acquiring an IBM Aspera Cloud Pak for Integration license file

Obtain a license for IBM Aspera in Cloud Pak for Integration by sending an email to aspera-license@ibm.com with the sales order number and number of VPCs that you will use for HSTS, or contact the IBM sales team.

Creating the Kubernetes secret in the cluster

The secret stores the password you create to access your cluster. You can choose between keeping the Node API credentials that are automatically created by the HSTS operator (your_deployment_name-asperanoded-admin), or you can create your own credentials.

To create your own credentials, run the following command and store the secret according to your local security practices. Replace the example values for NODE_USER and NODE_PASS with applicable values:
oc create secret generic asperanoded-creds --from-literal=NODE_USER=nodeuser --from-literal=NODE_PASS=`uuidgen` -n aspera
Important: The password in the command above is not secure, as it does not comply with security best practices. Use a secure password for your use case.

Installing the IBM Aspera HSTS operator

Prerequisites: Review the requirements in Before you begin.

To install the HSTS operator, go to OpenShift and follow the steps in Deploying HSTS using the IBM Cloud Pak Platform UI or Deploying HSTS using the OpenShift web console.

When the status is Ready, you can deploy the high-speed transfer server (HSTS) instance.

Deploying an instance of high-speed transfer server

The high-speed transfer server (HSTS) instance requires a Redis database. You can specify the storage settings under the Storage menu. Choose one the following procedures to set up the Redis database:

  • Let the installation proceed and install Redis storage (this option requires that you configure the storage after the installation).
  • Bring your own Redis storage.

Let the installation proceed and install the IBM provided Redis storage:

To deploy an HSTS instance, follow the steps in Deploying HSTS using the IBM Cloud Pak Platform UI or Deploying HSTS using the OpenShift web console.

When the HSTS instance is running, restore the Redis database from the backup file appendonly.aof. The password is required; it is stored in the Kubernetes secret c-INSTANCE_NAME-redis-m, where INSTANCE_NAME is the instance name. If needed, you can retrieve the password REDIS_PASSWORD by using the CLI or the OpenShift web console.
  • In the CLI, run the following command; set the variable as an environment variable:
    REDIS_PASSWORD=$(oc get secret c-INSTANCE_NAME-redis-m -o json | jq -r .data.compose_password | base64 -d)
  • In the OpenShift web console, go to Workloads > Secrets and search for c-INSTANCE_NAME-redis-m; set the variable as an environment variable:
    REDIS_PASSWORD=xyz
When you have the Redis backup file in the current working directory, upload the backup file appendonly.aof to the Redis master pod. For ${REDIS_PASSWORD}, enter the value of the environment variable holding the password of the Redis server.
leader=$(oc get pods -l cluster_role=leader -o template --template '{{range .items}} {{.metadata.name}}{{end}}'); oc cp ./appendonly.aof $leader:/data/ -c db; \
oc exec $leader -c mgmt -- /usr/local/bin/redis-cli --no-auth-warning -a REDIS_PASSWORD FLUSHALL; \
oc exec $leader -c mgmt -- /bin/bash -c " cat /data/appendonly.aof | /usr/local/bin/redis-cli --no-auth-warning -a REDIS_PASSWORD --pipe "

Bring your own Redis:

When you have restored your previous data in the Redis database, follow the steps in Deploying HSTS using the IBM Cloud Pak Platform UI or Deploying HSTS using the OpenShift web console to deploy an IBM Aspera HSTS service and follow this procedure:

  1. Create an instance by clicking Create instance in Aspera HSTS Service .
  2. In the Configure via choose Form view or YAML view.
  3. Specify that you are using an external Redis and provide the host, port and TLS configuration.

Verifying Redis migration

To confirm that the restoration was successful, query the access keys on the service.

Run one of the following commands, where the -u command specifies the user credentials for the HSTS instance:

  • node_user=$(oc get secrets asperanode-nodeadmin -o jsonpath='{.data.NODE_USER}'| sed "s/\"//g" | base64 -D); \
node_pass=$(oc get secrets asperanode-nodeadmin -o jsonpath='{.data.NODE_PASS}'| sed "s/\"//g" | base64 -D); \
host=$(oc get route -o jsonpath='{.items[*].spec.host}');curl -v -ki -u "$node_user:$node_pass" https://$host/access_keys
  • host=$(oc get route -o jsonpath='{.items[*].spec.host}');curl -v -ki -u "node_user_name:node_user_password" https://$host/access_keys

Verifying successful migration

To verify that your migration is successful, use the OpenShift web console and follow these steps:

  1. Select Home > Projects.
  2. Select your project (namespace).
  3. In the Inventory section, select Pods.
  4. Select an HSTS ascp pod, which has ascp in the name. For example, instance_name-ascp-randomstring.
  5. Select the Terminal tab.
  6. From the Connecting menu, select ascp.
  7. When you are inside the ascp container shell, run:
    sh-4.4$ /opt/aspera/bin/ascp -A
  8. The output must include the ascp version and confirm that the settings are enabled. If the output shows a different state, you must run the installation and deploying process again.

Modernize

Now that you successfully migrated an existing IBM Aspera HSTS to Cloud Pak for Integration on OpenShift you can begin leveraging features that modernize your deployment:

  • Your high speed transfer server is a powerful, customizable hub for your high speed transfer activity.
  • The configuration of HSTS allows you to control which clients have access for uploading or downloading data.
  • Ensure how data is secured during and after transfer.
  • Gather transfer statistics from HSTS deployment in Cloud Pak for Integration.