Aspera FASP® Proxy protects your organization’s network while enabling secure, high-speed transfers for client users within highly restrictive network environments. Designed for FASP-powered performance, it allows transparent pass-through of FASPtransfer sessions across secure DMZs without impeding transfer speeds or compromising the security of your internal network.
Able to function as a forward or reverse proxy, Aspera FASP Proxy consolidates FASP transfers in and out of a corporate network and enables precise control over which users can initiate FASP transfers with remote Aspera transfer servers. Aspera Proxy also supports load balancing, high availability configurations, and flexible security policies to meet your specific security needs. With support for FASP Proxy built into all Aspera desktop and browser-based transfer clients, it is simple to configure, making it easy to use by all users within an organization.
LIMITED-USE INTERNET ACCESS
Organizations often limit general Internet access for their employees, which can affect the FASP protocol even if used for legitimate business needs. FASP Proxy provides a secure way for users behind company network firewalls to initiate requests for FASP transfers with Aspera Transfer Servers residing outside of your corporate network, without exposing users’ IP addresses. It also enforces strict user authentication for Aspera clients that initiate connections to the outside servers.
PROTECT INTERNAL FILE STORES AND TRANSFER SERVERS
To provide security for business-critical assets, it is often not an option for enterprise IT to deploy an Aspera transfer server directly in the DMZ. To prevent direct connections to an Aspera transfer server, Aspera FASP Proxy can be deployed in the enterprise DMZ to hide the server IP, handle incoming client connections, and manage FASP sessions between outside Aspera clients and the internal servers.
CONSOLIDATE AND CONTROL FASP TRANSFERS
If you are an IT systems manager and want to establish better control and security around FASP transfers that your internal users initiate, Aspera FASP Proxy can fulfill your requirements without impeding the users’ experience. It provides a single point through which all FASP transfers flow in and out of your corporate network, hiding internal clients’ IP addresses and allowing you to control which users can initiate FASP transfers, without slowing down the speed of the transfers.
SECURE ACCESS IN HIGHLY RESTRICTIVE NETWORKS
Provides access to Aspera transfer servers located outside of the corporate network while protecting internal users’ IP addresses. Optional user authentication helps control which clients are allowed access to outside Aspera transfer servers.
PROTECTION FOR INTERNAL RESOURCES
Functioning as a reverse proxy within a corporate DMZ, FASP Proxy protects the security of Aspera transfer servers deployed within the internal network. Using Dynamic Network Address Translation (DNAT), it enables Aspera clients to access the servers from the outside without having to give away the servers’ IP addresses to outside users.
BUILT FOR FASP PERFORMANCE
Delivers high-speed transfer performance with kernel-level packet forwarding, preserving key characteristics of FASP transfers such as speed and security, found in all Aspera software products.
EASY-TO-USE CLIENT INTERFACE
With native support for FASP Proxy built into all desktop and browser-based Aspera clients, there are no special add-ons to install or scripts to run. A simple configuration within the client settings UI ensures seamless deployment and adoption by client users.
SECURE ACCESS TO ASPERA TRANSFER SERVERS
- Provides secure communication channel for FASP transfers between internal users within highly restrictive networks and outside Aspera Transfer Servers (forward) and from external transfer clients and servers to Aspera transfer servers deployed within the corporate network (reverse).
- Keeps corporate networks secure by using DNAT to hide internal clients’ IP addresses.
- Optional client user authentication with username and password enables control over which users can perform FASP transfers.
- APIs for secure, transparent proxying of FASP transfer sessions.
SCALABLE, ENTERPRISE-GRADE PROTECTION FOR INTERNAL RESOURCES
- Enables outside access to internal Aspera transfer servers without placing them into the DMZ.
- Protects internal transfer servers by using DNAT to forward FASP traffic in and out of the corporate network.
- Allows multiple FASP Proxy instances to be run on a server cluster, behind a load balancer, forming a high availability solution.
Support for chained proxies for multi-tier DMZ configurations
- Supports forwarding rules that can define access to specific internal transfer servers.
UNCOMPROMISING FASP PERFORMANCE
- Kernel-level packet forwarding ensures that FASP packets do not slow down, fully maintaining FASP transfer speeds.
- Preserves key characteristics of FASP transfers such as data encryption and retry and resume of failed transfers.
EASY-TO-USE CLIENT INTERFACE
- Built-in support for FASP Proxy in all Aspera desktop and browser clients.
- Simple configuration requires minimal information and can be easily set up by non-technical users.
- Configuration options include IP address, port numbers, cleanup and keep-alive intervals, timeout period and authentication.
- Set up proxy accounts to make sure that only authorized client users can initiate FASP transfers through the proxy.
In a forward proxy configuration, Aspera transfer clients sit inside the corporate network and initiate Aspera FASP transfers with Aspera servers located outside of the corporate network.
In a reverse proxy configuration, Aspera transfer clients sitting outside of the corporate network initiate Aspera FASP transfers with Aspera servers located inside the corporate network.
Chained proxy configuration, enables two or more proxies to be used in series to with mult-tiered DMZ configurations.
HA proxy configuration, enables load balancing where there are multiple Aspera servers on a network.
Operating Systems Supported
Linux: RedHat 6, CentOS 6, Fedora 15-20, Ubuntu 12-14, Debian 6 & 7, SLES 11, Kernel 2.6 or higher, and libc version GLIB 2.5+
SUPPORTED ASPERA TRANSFER SERVERS
Aspera Enterprise Server
Aspera Connect Server
SUPPORTED ASPERA TRANSFER CLIENTS
Aspera Desktop or Point-to-Point Clients
Aspera Connect Browser Plug-in
Aspera Embedded Client
Aspera Drive Client
Minimum Hardware Requirements
Refer to the minimum hardware requirements for your operating system.
- Stand-alone perpetual software license for standard or high-availability configuration.
- Requires Aspera Enterprise or Connect Server (v3.0+) to be installed with a proxy-enabled and node-enabled server license.
Central in a typical Aspera deployment, the transfer servers combine FASP transport with comprehensive transfer and user management for enterprise data workflows. Running on premise or in cloud, they provide a highly scalable and secure transfer environment that supports files of any size, thousands of concurrent transfers, and an unlimited number of users.
A full-featured desktop transfer client used to initiate and automate transfers with the Aspera Enterprise Server and the Aspera Point-to-Point advanced client.
Advanced desktop transfer client with support for user accounts, ability to connect to other Point-to-Point clients, and remote control by Aspera Console.
Lightweight, install-on-demand web browser plug-in that powers high-speed transfers between desktops and Aspera servers.
Easily embed Aspera’s high-performance FASP™ transport technology with our comprehensive development kit for Mac, Windows and Linux (Java, C++, C#, .NET).
What's New in FASP Proxy
- Better handling of cases where the connection from the proxy to the Aspera server host times out.
- For proxies using DNS names, with port-reuse disabled, the FASP TCP and UDP sessions are correctly routed to the same target host.
- New bind source address option for aspera.conf
ADVANCES IN ASPERA PROXY 1.4
- Security enhancements:
- All reverse proxy subsystems require aspshell by default (rather than when configured)
- Global rules are no longer permitted
- New support for chained proxies, two or more in series, for two-tier DMZ configurations
- Enhanced support for multiple internal servers running Windows and concurrent transfer sessions to Windows servers
- New load-balancing configuration for HA proxy deployments having multiple internal Aspera servers
- New reverse proxy support for Aspera Drive sync and for Aspera Sync
New reverse proxy support for concurrent client connections coming from the same IP destined for different Aspera server nodes