IBM Aspera on Cloud (AoC) is a cloud-based file transfer service built on IBM's FASP technology. Aspera FASP, the Fast and Secure Protocol, is an incredibly secure and resilient file-transfer protocol that can transfer files up to 100 times faster than FTP or HTTP.
Aspera on Cloud can be deployed in two ways, with either a self-managed or a SaaS-based Aspera server facilitating the file transfer. Before we dig into the use cases for both deployments, let’s briefly discuss the architectural components of Aspera on Cloud.
Aspera on Cloud consists of two components, an Aspera on Cloud application that is installed locally on the host machine and the Aspera Transfer Server.
The Aspera on Cloud application is installed on the host machine to facilitate communication between the host machine and the Aspera Transfer Server. This local application allows users to seamlessly drag and drop files onto the Aspera web-based interface to initiate a file transfer to the cloud-based Aspera Transfer Server.
The Aspera on Cloud Transfer Server is a cloud-based server that facilitates file transfers to and from endpoints. Users can upload files from their workstation to the Aspera Transfer Server, and other users can then download those same files from it, with the speed, security, and reliability of the Aspera transfer process.
As noted, specific components of the Aspera on Cloud solution, in particular the Aspera Transfer Server, can be implemented either as self-managed or SaaS managed. In this article, we will look at the pros and cons of implementing the Aspera on Cloud Transfer Server in a self-managed or a SaaS-managed configuration.
Feature | SaaS | Self-hosted |
Compute Costs | Included | Yes, Client account |
Scaling | Included | Yes, Client would need to build and manage |
Object Storage Support | Yes, only specific regions in public clouds | Yes, all regions |
Block Storage | No | Yes |
Egress | $0.03/GB beyond included amount | Billed through Client account |
Infrastructure Management | No, cluster managed by IBM Aspera | Yes, Client manages |
Version Upgrades | Included | Yes, customer must upgrade as needed |
Irdeto Integration | Yes, Irdeto Watermarking (requires Irdeto subscription as well) | No, would require custom development |
APIs for custom integrations | Yes | Yes |
As a way to get a deeper understanding of the self-managed and SaaS managed process, we highly recommend trialing both services in your own VPC. In order to start the evaluation, sign up for the trial here:
https://www.ibm.com/account/reg/us-en/signup?formid=urx-30538
Please reach out to us at engineering@pacgenesis.com and we can assist with getting the evaluation up and running.
You can attach an existing AWS S3 storage to your AoC organization. Once attached, you can make the bucket and its contents available to your AoC users.
Use this procedure when you have an existing AWS S3 and want to make it (or content from it) accessible to users in your AoC workspaces. If you already have an existing Aspera transfer node (which can be on-prem or in the cloud, and managed by you or by Aspera) with its Node URL and password, see Adding a Node to the Organization.
Note: To attach other storage types (for example, IBM COS, MS Azure, Google), see Attaching Cloud Storage to Your AoC Organization.
Once you attach the AWS S3 bucket, you can give various users access to specifically designated parts of the storage using AoC access keys. Distinct from the AWS S3 bucket access keys, these native AoC access keys are an additional layer of security that allows you to securely access the bucket through AoC and other Aspera client applications. You can create multiple AoC access keys to the same AWS S3 bucket to partition access to specific areas of the storage. For details, see Creating Transfer and Access Credentials.
Note: Once you attach the S3 bucket, you can use the Aspera GUI to transfer to your cloud storage; see Using the Transfer Service from the Desktop Client GUI.
This procedure requires you to use both the Aspera on Cloud Admin interface and the AWS portal interface.
This storage can now be used to support a workspace.
You can apply an optional policy to enhance AWS S3 bucket access security. Use the procedure below to restrict access to the bucket from any IP address except those you specifically designate; this restriction is also known as whitelisting. This policy will still allow the Aspera transfer service to access the bucket for transfer operations.
Find the required VPC ID and VPCE ID listed by AWS region below:
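The allowlisting policy described above, sketched as an added example (not IBM's published policy or code from this page): it builds one Deny statement and evaluates sample requests against it to show why the Aspera VPC and VPCE IDs must sit next to your IP ranges. The bucket name, CIDR ranges and VPC/VPCE IDs are constructed placeholders, and `is_denied` is a simplified model of how AWS evaluates this single statement.

```python
import ipaddress
import json

# Constructed placeholders, not values published by AWS or IBM. Take the real
# VPC and VPCE IDs for your bucket's region from the Aspera documentation.
BUCKET = "example-aoc-bucket"
ALLOWED_CIDRS = ["203.0.113.0/24", "198.51.100.7/32"]
ASPERA_VPC_IDS = ["vpc-EXAMPLE00000000"]
ASPERA_VPCE_IDS = ["vpce-EXAMPLE0000000"]

def build_policy(bucket, cidrs, vpc_ids, vpce_ids):
    """Single Deny statement; every condition must match for it to apply."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessAllowlistedIpOrAsperaVpc",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {
                "NotIpAddress": {"aws:SourceIp": cidrs},
                "StringNotEquals": {"aws:SourceVpc": vpc_ids,
                                    "aws:SourceVpce": vpce_ids},
            },
        }],
    }

def is_denied(policy, source_ip=None, source_vpc=None, source_vpce=None):
    """Simplified evaluation of that one statement for a single request.

    Requests through a VPC endpoint carry aws:SourceVpc/aws:SourceVpce but no
    aws:SourceIp, and a negated operator is true when its key is absent.
    """
    cond = policy["Statement"][0]["Condition"]
    nets = [ipaddress.ip_network(c) for c in cond["NotIpAddress"]["aws:SourceIp"]]
    ip_outside = source_ip is None or not any(
        ipaddress.ip_address(source_ip) in n for n in nets)
    ids = cond["StringNotEquals"]
    vpc_outside = source_vpc not in ids["aws:SourceVpc"]
    vpce_outside = source_vpce not in ids["aws:SourceVpce"]
    return ip_outside and vpc_outside and vpce_outside

POLICY = build_policy(BUCKET, ALLOWED_CIDRS, ASPERA_VPC_IDS, ASPERA_VPCE_IDS)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
```

Apply a policy like this from an allowlisted address: the Deny also covers `s3:PutBucketPolicy`, so an IAM session outside the allowlist can no longer edit or remove it.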
You can add your own IBM Aspera High-Speed Transfer Server to your AoC organization. Your transfer server may be on-premises, in a private cloud, or in a public cloud. You must first configure the transfer server specifically for use with AoC, and then add it to AoC with the Admin application. This process is often referred to as tethering a node, and once the process is completed the server is referred to as a tethered node.
You can also use the Aspera on Cloud transfer service to connect your existing cloud storage. For details, see Attaching Cloud Storage to Your AoC Organization.
Before you can add your transfer server to AoC, you must configure it as described in Configuring an Aspera Transfer Server as a Node for Aspera on Cloud.
To complete this procedure, you must have the following information available:
Note:
If you have multiple Aspera on Cloud organizations that use the same storage, you must use separate access keys for each organization.
CAUTION:
For user-managed nodes (on-premises or cloud-based), schedule backups of the Redis database on your node. The Redis database contains your file IDs, permissions, access keys, and other node data. If it is corrupted and you do not have a backup, you must manually recreate your workspace. For instructions on creating backups, see “Backing up and Restoring a Node Database” in the IBM Aspera High-Speed Transfer Server Admin Guide.
Aspera on Cloud polls the transfer node for node settings every five minutes; configuration changes you make to the node (for example, changes to aspera.conf) are propagated to Aspera on Cloud at that polling interval. If necessary, you can initiate an immediate poll from Aspera on Cloud to the node so that node configuration changes are reflected immediately in Aspera on Cloud behaviors.
Local Term | Local Definition |
Path | The absolute path on the storage. |
Amazon S3 Term | Amazon S3 Definition |
Storage class | Select as appropriate: (1) Standard, or (2) Reduced redundancy, or (3) Infrequent access. |
Server-side encryption | Select as appropriate: (1) None, (2) AES-256, or (3) AWS KMS. This configures encryption on the server in AWS. |
KMS key ID ARN or KMS key alias ARN | If using AWS KMS server-side encryption: the AWS Key Management Service key ID, in the format arn:aws:kms:<region>:<account_number>:key/<encryption_key_id>. KMS key ID example: “arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab”. Or: the AWS Key Management Service key alias, in the format arn:aws:kms:<region>:<account_number>:alias/<encryption_key_alias>. KMS key alias example: “arn:aws:kms:us-west-2:111122223333:alias/my_key_alias”. Note: Be sure to include the AWS bucket region in the ARN. |
IAM Role ARN | The Amazon Resource Name (ARN) of the IAM role to assume. |
External ID | The unique identifier used by third parties when assuming roles in their customers’ accounts. The storage account holder sets this ID. To find it, go to the AWS management console, then click Roles > yourRole > Trust Relationship. Find your trust relationship in the list, and see the External ID listed in the ‘Conditions’ column for that relationship. Not all trust relationships include an external ID. |
Session name | The role session name that uniquely identifies a session when the same role is assumed by different principals or for different reasons. |
Bucket | The bucket name. |
Endpoint | The URL that is the entry point to the storage for a web service. Example: s3.amazon.com. |
Path | The relative path under the bucket. |
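As the External ID row notes, not every trust relationship includes an external ID. The following added example (not part of the Aspera or AWS documentation) audits an IAM role trust policy and lists the principals that may assume the role without one. The policy document, account IDs and external ID are constructed placeholders, and only `StringEquals` conditions are counted.

```python
import json

# Constructed trust policy for the role whose ARN would be entered in AoC.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:root"},
     "Action": "sts:AssumeRole"}
  ]
}
""")

def _as_list(value):
    """IAM JSON allows a scalar wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def required_external_ids(statement):
    """External IDs a statement demands via StringEquals, or [] if none."""
    ids = []
    for key, value in statement.get("Condition", {}).get("StringEquals", {}).items():
        if key.lower() == "sts:externalid":  # condition keys are case-insensitive
            ids.extend(_as_list(value))
    return ids

def audit_trust_policy(policy):
    """Return (principal, external_ids) for every Allow of sts:AssumeRole."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(st.get("Action", [])):
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for arn in _as_list(aws):
            findings.append((arn, required_external_ids(st)))
    return findings

def missing_external_id(policy):
    """Principals that can assume the role without presenting an external ID."""
    return [arn for arn, ids in audit_trust_policy(policy) if not ids]
```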
IBM COS Term | IBM COS Definition |
Access key ID | The ID of the access key for the IBM COS. |
Secret access key | The secret that matches the key. |
Bucket | The bucket name. |
Endpoint | The URL that is the entry point to the storage for a web service. Example: s3.us.cloud-object-storage.appdomain.cloud. |
Path | The relative path under the bucket. |
MS Azure Blob Term | MS Azure Blob Definition |
API type | Select as appropriate: (1) Block, or (2) Page. |
Storage credentials | The access key for SAS URL for the storage. |
Storage account | The storage account provides a unique namespace in Azure for your data. Every object that you store in Azure Storage has an address that includes your unique account name. The combination of the account name and the Azure Storage blob endpoint forms the base address for the objects in your storage account. |
Access key | The key ID associated with the storage account. |
Container | The name of the container that organizes a set of blobs. A container is similar to a directory in a file system. |
Path | The relative path in the container. |
MS Azure Files Term | MS Azure Files Definition |
API type | Select as appropriate: (1) Block, or (2) Page. |
Storage account | The storage account provides a unique namespace in Azure for your data. Every object that you store in Azure Storage has an address that includes your unique account name. The combination of the account name and the Azure Storage blob endpoint forms the base address for the objects in your storage account. |
Password | The password to the storage account. |
Path | The relative path on the storage. |
If you’d like to learn more about Aspera on Cloud, specifically get a deeper understanding of the value in a self-managed configuration versus a Managed SaaS configuration, consider reaching out to the team at PacGenesis! Here at PacGenesis, as an IBM Gold-status Partner, we’ve made it a priority to help organizations adopt new file transfer solutions such as Aspera. With over 10 years of experience and hundreds of satisfied clients supported, we’re certain that we can help your organization with any questions or concerns related to file transfer capabilities.
To reach us, call us at (512) 766-8715 or email us at sales@pacgenesis.com.