Aspera Faspex and Aspera Shares
Aspera faspex and Aspera Shares are web-based application platforms that together enable a complete suite of collaboration capabilities powered by Aspera technology. The latest versions are now fully integrated with the latest Aspera server software running on premises or in the cloud, providing enterprises easy-to-manage and easy-to-use hybrid deployment possibilities for file upload, download, synchronization, and package sending and receiving via email transparent to storage location.
Aspera FASPEX 4.0
Faspex 4.0 is a major new version of Aspera's popular server software application for high speed, secure file and directory exchange integrated with email. The feature set includes a broad range of enhancements in response to Aspera user community feedback for enterprise user management, custom branding, enhanced usability and administrative ease. The next generation API uses a pure REST model and allows Faspex to be used as a backend platform for distributed relay of package content between a network of Aspera servers. The features by category are detailed below.
New Authentication for multiple SAML Providers and a Unified Login experience for Local, SAML, and LDAP/AD Users. Faspex has a full range of authentication options for the enterprise, including authenticated login of users and groups via local, Active Directory, LDAP, and SAML Single Sign-on.
- Faspex 4.0 expands this capability enabling a single Faspex server to authenticate users via any combination of multiple SAML identity providers.
- A new unified login page offers users login via local authentication, multiple SAML providers or Directory Service accounts.
- Custom User attributes can be imported from each Identity Provider and mapped to a common schema for display in Faspex and reporting in Aspera Console.
- New comprehensive interface allows Administrators to configure, test and troubleshoot multiple iDPs
- Enable/disable a new Identity Provider and set the default Provider.
- Automatically format SAML Certificates and test an Identity Provider configuration.
- Per Service Provider metadata is automatically generated and exportable.
- Set the Domain URL per IdP.
- Enable/Disable login visibility for each IdP and set custom login instructions.
- Restrict SAML login access to only members of known SAML groups explicitly added as Faspex groups.
- Set Domain URL mapping, NameID format, Fingerprint algorithm, and Allowable clock drift per IdP.
- Automatically fill the Identity Providers settings using the Provider's metadata URL or imported metadata file.
- Configure Custom User Attributes to be Imported from an Identity Provider and Mapped to Common Attribute Names in Faspex, including Global (used by all Faspex users) and Provider-Specific Attributes.
- Allows enterprises to import user attributes from existing user systems and map these into custom attributes in Faspex.
- Custom attributes can be default, global (required for all authentication mechanisms) or local to an Identity Provider, and required or optional for login.
- Custom attributes are displayed in the Faspex administrator Accounts page and are reported to Console.
- All Faspex LDAP queries will now specify the required attributes when querying a directory entry.
WORKGROUPS AND DROPBOXES
New Direct Uploads to Workgroup Custom Inboxes - Expanding upon the custom inbox capabilities, Workgroups can now be configured to route packages to custom inboxes only. No copy of the package is created in the default package location.
Dropbox Metadata is now Relayed Along with Package Content - When a dropbox is configured to use metadata profile, and is set to relay transfer content to other destinations, it will now automatically relay the metadata file along with other package content. The metadata is saved at the relay destination in an XML file.
Many Enhancements to Dropbox Metadata Forms - The Dropbox Metadata form builder offers Administrators many new capabilities:
- Enhanced package instructions allow administrators to add HTML tags, attributes, and CSS classes
- New configuration option to limit the maximum length of text fields and text areas
- New configuration option to limit illegal characters that can be used in metadata fields
- A new Date field type
- Length limits and illegal character filters can be configured for the Title and Notes fields in the New Package Metadata template
- Basic 508 compliance now supported in key parts of the Faspex UI
- New preview option to view the metadata form as it will be displayed to users
NEW IN PACKAGE SENDING AND EMAIL NOTIFICATION
- Administrators can configure global distribution lists that are available to all users if enabled. Each distribution list has a name, and a comma-separated list of email addresses. Faspex users can refer to the list name when sending Faspex packages.
- Active Global Distribution Lists appear in each User's Preferences in addition to Personal Distribution Lists. Users can not edit the list, but can duplicate the list and make modifications.
- When sending to a distribution list, the behavior is effectively sending to the expanded list. If the user is not allowed to send to one or more recipients in the list, a package send error will occur by default. A new server configuration option allows Administrators to turn off recipient validation, and ignore invalid recipients.
- A new import option allows Users to import contacts from a CSV file to populate a Global or Personal Distribution List.
New Email CC Feature and Additional Email Notification Fields
- If configured, users can now add at the time of package sending additional email addresses that will receive a copy of the package email on delivery, in addition to any default cc lists.
- On the package creation page, there is a new 'Receipt' field for modifying these recipients. When creating a new package, it will be automatically populated with the contents of the textbox above and if allowed, users may edit the recipient list.
- Two new variables for 'All Public Recipients' and ' All CC Recipients' can be added to the email notification template to display the public and cc'd addresses.
- Two new variables for 'All Files' and the 'First 10 Files' can be added to email notification template to display the files and folder names in the package received notification.
New Expanded Search Features in Accounts and Packages
- User accounts can now be searched by Custom Attributes in the Accounts page.
- Search sort and page parameters are now preserved on the User tables and the Packages tables throughout the application.
NEW IN SECURITY AND GLOBAL OPTIONS
- Administrators have a host of new options in Faspex 4.0 to configure settings by user in addition to globally:
- Ignore invalid recipients in package sending.
- Override the sending of welcome email when creating a user, and set the password manually.
- New password reset link for users has a default one-week expiration.
- New option to set custom password policies for individual users or self-registered users.
- New option to prevent password reuse with a configurable history.
- New global configuration option to allow users to send to all Faspex users.
- New global configuration option to allow users to set their own package deletion policy.
- New configurable package upload timeout
NEW IN CUSTOM BRANDING AND DISPLAY SETTINGS
- Administrators can now configure a customized logo image and a customizable CSS file for custom styling across Faspex, which is preserved across upgrades.
Customizable local login header and instructions
New Option to configure the Account display name and format
Allows user names to be specified with a 'Full Name' or default account display name format throughout Faspex.
NEW FASPEX V4 APIS
Faspex V4 supports both the current V3 APIs and a new set of API's that bring multiple next-generation capabilities and a host of new features for distributed Faspex deployments. The API can be enabled through a configuration option in the Faspex main yml.
- Follows REST API accepted standards (including response codes, etc) with JSON payload
All APIs support HMAC Authentication.
- New API functions for
- User Management, Setting Download Limits, Querying "Per User" Download Statistics, Editing Email Templates
- Overriding Package Delivery Location to Route Packages to Preferred Faspex Server per User
- Increased metadata field lengths
- Additional statistics and APIs to query download count, downloading count, file count per package, package creation date, package modification time, aggregate file size, downloader user name, IP address, download date and time
- New APIs for exposing Nodes, Share IDs, etc.
OTHER NEW FEATURES
The Faspex command line client will be available for Windows with the release of Faspex 4
Timestamps are preserved in Faspex if the new timestamp preservation option in the aspera.conf file is enabled (requires Enterprise Server 3.6.1)
SHARES 1.9 & SHARES 2.0 PREVIEW
Aspera is previewing Shares 2.0, a major new architecture of the popular Aspera Shares, Aspera’s single tenant application for high speed transfer and directory based authorization in the enterprise. Shares 2.0 is designed to address a common desire to scale Shares across diverse projects and users communities in the enterprise through new features to group Shares and Users into Projects, and delegate Project and Share authorization and user management to authorized users, while maintaining single sign on and a common administrative portal. Aspera is also demonstrating the features in its latest 1.9 release including comprehensive new user and share management APIs.
New Features in Aspera Shares 1.9
- Advances in Single Sign On and User Management
- SAML groups are now supported in Shares. As users sign on to SAML they are automatically given access permissions to their group's Shares and assigned transfer and security properties accordingly.
- New configuration option allowing administrators to direct users to SAML login page or local login page.
- New command line user management tools for batch management of users and groups (add/remove users, assign Shares and permissions to users and groups, etc).
- Faster Performance for large scale deployments.
- Internal performance optimizations allow Shares to remain fast and responsive for Shares instances with thousands of users and hundreds of Shares.
- Faster shares access and viewing within the UI. Shares UI automatically limits the side bar share view to a configurable number of Shares and links to a fast search by Share name to locate a Share and its authorized users.
- Enhanced search options allow users to be searched on first or last name and by username.
- Expanded Email Notification Settings
- Users can set preferences to receive emails when authorized to a share or when content is uploaded to a share.
- Administrators can set the default settings inherited by new accounts for these types of email notifications.
- Administrators can also customize the SMTP connection timeout value from the Web UI.
- Additional template substitution variables are available for the "Share Authorization Added" email template.
- Enhanced Shares database management
- Improved service during backup: The Shares UI and Nginx service remain available during backup
- New background jobs maintain old entries in the Shares database.
- New command line client for Linux supports Shares browsing, upload, download, delete and rename.
- Expanded node configuration settings. Redefine the HTTP fallback port and change node timeout values from the Administrative interface.
- RESTful Management API
- New RESTful API to manage users, groups (local and SAML), share authorizations, and nodes
- New API authorization scope for manager users to manage users and groups (or not) based on configuration
- Configurable option to allow manager users to manage users and groups for API versus UI
- Support for ATCM clusters
- Aspera Autoscale clusters can be connected to Shares for scale-out, HA transfer capability in cloud
- Improved Reporting and Notification
- User and Share IDs are reported through transfer tags for custom fields in Console Reports and criteria in Console email notification rulesets
- More robust content notification (notifications not sent to users with upload only permissions or on empty uploads)
- Improved error logging on SAML authentication failure
- All new folder/deletion of files and folders logged in the node Activity Feed
- Expiry date and status of user accounts displayed
- Additional Enhancements
- Support for IPv6 in the underlying web server
- Various upgrades of internal ruby gems and openssl libraries for enhanced security (Qualys A+ security score)
- New ability to pre-populate SAML users in addition to groups in the UI
- Enhanced user experience in deleting content (confirmation dialog, progress reported and acknowledged)
- Improved Share to Share transfer and reporting
- Unique certificate files generated on installation (dhparam.pem, cert.key, cert.pem)
Shares 2.0 Preview
A major new architecture of the popular Aspera Shares, Shares 2.0 is designed to address a common desire to scale Shares across diverse projects and users communities in the enterprise. New features include the ability to group Shares and Users into Projects, and delegate Project and Share authorization and user management to authorized users, while maintaining single sign on and a common administrative portal.
The model relies on a few key concepts:
Shares are the directories available on a host or cluster running Aspera server software, on premises or on cloud.
Projects are a collection of human defined Shares
Organizations are collections of Users, Groups and Projects
With Shares 2.0, enterprises can group Shares and delegate management, scope the eligible users and groups for Share authorization to a Project, easily navigate and interact with various groups of Shares, administer large user communities while supporting multiple authentication providers (SAML, OAUTH, LDAP, local), and scale to very large numbers of users, groups and Shares.
We look forward to sharing a sneek peak at IBC 2016 of the details
- System and organization admins admins can create/modify/delete transfer nodes, organizations, projects, users, groups and shares; manage organization, project and share authorizations to users and groups; and manager transfer node authorizations to organizations.
- Project admins can create/modify/delete shares within a project, manage members’ access roles on the project, and manage share authorizations in the project including delegating share management to individual Share admins.
- Users can access projects and shares to which they access and perform authorized file operations.