Aspera FASP Integration

Aspera Fast and Secure Protocol (FASP) Integration allows Mac and Windows Agents to upload files to a Cantemo server using Aspera instead of a shared storage or HTTP.

All Agents use a shared Aspera account, with the credentials stored in Cantemo.

Configuration in Cantemo

Configuration of the integration in Cantemo.

Aspera Node URL

Aspera Node API URL. Port number must to be included in the URL, normally Aspera Node API runs on port 9092.

API Username

The Aspera Node API and transfer username that is used by Agent clients to upload files to Aspera.

API Password

The password that Cantemo server uses towards Aspera Node API. The current password is never shown in the user interface. Leave empty to keep the current password.

Verify SSL

Whether Cantemo should verify the SSL certificate when communicating with Aspera Node API. It is recommended to verify the certificate for additional security, but this may not be possible with for example self-signed certificates.

Mounted Portal storage

The Cantemo storage that is mounted from the Aspera server. Root of this storage must point to the same path that “Path within Aspera” points to.

Path within Aspera

Path of selected Cantemo storage in Aspera, relative to the document root of the user defined in API Username.

For example: Username is agent, users document root in Aspera would by default be /transfer/agent, and if this setting is left empty, then /transfer/agent should be mounted on Cantemo server as a storage.

Another example: A subfolder on Aspera server is used, dedicated to this Cantemo system,

/transfer/agent/portal-storage. Then the Mounted Cantemo Storage should point to /transfer/agent/portal-storage as its root, and Path within Aspera value would be set to portal-storage.

Configuration on Aspera server

Below are high-level steps of setting up a user in Aspera. Please see Aspera documentation for more details. Links below are for Linux version of Aspera documentation.

• Setup a system user that will be used for transfers from Agents - for example agent

• Add this user to Aspera Node API - https://download.asperasoft.com/download/docs/entsrv/3.8.1/es_admin_linux/webhelp/index.html#dita/setup_es_node.html

• Configure this user to use token authentication - https://download.asperasoft.com/download/docs/entsrv/3.8.1/es_admin_linux/webhelp/index.html#dita/token_authorization.html and https://download.asperasoft.com/download/docs/entsrv/3.8.1/es_admin_linux/webhelp/index.html#dita/token_auth_config_conf.html

• Setup sharing of the users transfer root, for example /transfer/agent, so that it can be mounted and setup as a Storage on Cantemo server. If you want to use a sub-directory within that path, make sure to configure Path within Aspera in Cantemo so Agents know where to upload files.

Authentication flow

Agent authenticates against Aspera using Aspera Connect SSH key. All transfers are verified using transfer tokens. Example authentication flow when the Agent uploads files using Aspera:

1. Agent authenticates to Cantemo using Cantemo credentials

2. Agent asks Cantemo for an upload token specific for a single file

3. Cantemo requests a token from Aspera Node API for this file and returns it to the Agent, along with Aspera username

4. Agent uses the provided token, username and default Aspera Connect key, to start an Aspera transfer of the file