Normally file movement is composed of a multi-step sequence of transfers. Aspera file transfers enable either file-by-file or session based submissions. This can include automatic forwarding which can be initiated either externally or internally by either a push files to, or pull of files from. This forwarding is commonly done by a server in a DMZ which forwards the request to a server inside the network or to a server located inside another DMZ stage when using a multistage DMZ architecture. After that forward completes the data gets forwarded again to the final destination.
Files can be automatically moved to different folders within the server. This is useful for archival purposes, post processing, or for more complex multistage transfers.
Each step in the automation process has a self-contained state which can be seen in the manifest file. The manifest file is useful for debugging, troubleshooting and tracking, a normal manifest file will usually contain:
- User information
- Cookie and Token data
- Directory structures throughout the process
Since automated transfers are powered by FASP they are fast and secure. They use secure authentication and content protection with encryption during transit with the ability to utilize encryption at rest (EAR).
Aspera Console has the capabilities to manage the Nodes. This allows you to easily monitor and control the transfers and receive notifications throughout the process.
Automation tools are cross platform and available for Windows, Macintosh and Linux.
To configure automatic forwarding for content ingest or delivery you can set the following options:
- File-by-File or File-Group submissions
- Trigger Forwarding Actions based on Push/Pull Mechanism
- Internally or Externally Initiated Transfers
- Ingest Data (any number of sources)
- Delivery to Aspera Destinations (any number of Destinations)
- Whether to Preserve Directory Structures, Users, Cookies or Tokens
- To use Encryption or not
- Monitoring and Notification for Aspera Console
If you are using the Aspera Automation Toolkit you can also use the following advanced configuration options:
- Strict Completion for Sessions Preservation (wait for all files to complete transfer before initiating forward; or forward with incomplete transfers)
- Encryption at Rest and while in Transit
- Whether to use Key-Based Authentication
- Whether to use High-Availability and Clustered Deployments
- Advanced Reporting and Notification for Aspera Console
Aspera Orchestrator is a web-based application and SDK platform that enables precise control over the Aspera high-performance file transfer environment. It allows organizations to build efficient, predictable file processing pipelines that interconnect business units and external partners. With Orchestrator, files can be directed, processed and redirected with easy-to-define rules based on an organization’s workflows and using existing IT infrastructure. Aspera automation streamlines complex workflows, integrates seamlessly with third-party plug-ins and ensures that each processing step is accurately performed.
For more information about Orchestrator APIs, see the IBM Aspera Orchestrator User Guide (select your platform and transfer server version to access the document link).
If you have content that is submitted over a public network it is usually received at an 'ingest' server that is behind a firewall in a DMZ and is outside the Internal Network firewall, as seen in the diagram above. In this case the data is automatically forwarded from the 'ingest' server in the DMZ to the Aspera Server in the Internal Network, where the files are stored or additional processing takes place. For example, when an external customer submits content to an Aspera Server in a DMZ via Connect Client, that content is moved from the DMZ to the Internal Server with Aspera AspForward.
If you have content that is submitted internally to a distribution Aspera Server located in a DMZ by a contributor using Aspera Client on the Internet Network you can use the Content Distribution automation tool. When they content is received is it automatically forwarded from the distribution server to the intended external destination over the public network, as seen in the diagram above. For example, when an internal network user submits content to an Aspera Server in a DMZ via Connect Client, that content is distributed from the DMZ to external destinations with Aspera AspForward.
Enterprise networks often implement multistage DMZ and firewalls to enhance security and keep access levels separated. In these cases content submitted to an Aspera Server in a DMZ behind a firewall is automatically forwarded to an Internal DMZ when appropriate. The Aspera Servers in the Internal DMZ forward the data to the servers in the Internal Network. A diagram of a typical setup is above.
In most cases the files in the DMZ or Internal DMZ are automatically moved within the same server to a different directory before those files are automatically forwarded or pulled or any other tasks are performed on them. The move or copy of the files within the DMZ can maintain the directory structure. Multistage forwarding can be applied to both Ingest and Distribution.
For example, an external customer may submit content to an Aspera Server that is located in the External DMZ via Connect Client; that content is then moved from the External DMZ to the Internal DMZ with AspForward, and finally it is moved from the Internal DMZ to a server in the Internal Network with AspForward.
Advanced Forwarding Configuration
In several enterprises, multiple customers and partners submit content to a an Aspera Server in a DMZ and behind a firewall, and it forwards the content to multiple Aspera Servers in the Internal Network. The user data of the initial transfer is preserved throughout the process and is available to be used in post-processing actions to determine proper handling. An example of this scenario is seen below. For example, if an external customer submits content to an Aspera Server that is in a DMZ via Connect Client, the content is moved from the DMZ to the Internal Network using AspForward, which can preserve user credentials.