# Edge Extend Server

last updated on: Nov 14, 2022

The Edge Extend Server works with the [[/edgeextend/agent]] to provide high-performance, secure access to remote file servers. This guide provides information on how to use and configure the server. For general documentation see [[:edgeextend]].

## Getting Started

Completing the setup of the server involves:

1. Adding a license
2. Adding a domain name
3. Registering an "agent"
4. Adding an agent "connection"
5. Exporting an agent "configuration file"
6. Installing the "configuration file" on the remote agent

### Edge Extend Configuration

Log in to the web interface for the server using the credentials for your instance. For self-hosted images the default credentials are the user name `admin@change.me` and the password `PleaseChange3`.

```
https://server:8081
```

Select "License" and follow the instructions to add a trial license.

* **Key** - Add your license key. The SMBStream Controller's license key is bound to the Server's FQDN or IP address. It also contains an expiration date.

Select the menu option "Account". Select "Edit account info" and change (and record) the Default Administrator username and password.

* **Fullname** - Name of user.
* **Username** - Log in name.
* **Password** - Log in password.

Select the menu option "Server" and "Edit" to add the following information:

* **Public IP or FQDN** - The public endpoint for the controller, either an IP address or domain name as used by agents.
* **Port Number (UDP)** - The port of the public endpoint. Leave as 8445.

### Creating New Agent

Select "Agents" and "Create new agent" to configure a new agent. You will be prompted for a "Name" and a "Password". These can be changed later.

Creating an agent generates a unique "Agent ID" as well as a Public/Private Key Pair. The key pair provides non-repudiation and authentication for the agent.

### List Agents

Select "Agents" to show a list of currently registered agents.

{{ :edgeextend:server:agents-list.png?600 |}}

The options are:

* **Agent info** - Show Agent ID
* **Edit agent** - Change name or password
* **Download config** - JSON config file
* **Rotate Key** - Change private key
* **Delete** - Remove agent configuration

Click the name of the agent to create a Connection.

### Create Agent Connection

A connection defines a specific file server an agent is connecting to. It also specifies which endpoint is exposed for this file server on the Edge Extend server.

Select "Create new connection" and enter a connection name. The name is used for logging and messages and can be changed. We recommend using the domain name of the file server.

* **Connection Name** - A common name for the server e.g. "NAS01".

The file server is given as a domain name and port. If the agent file system is of the format `//nas01/marketing`, then the port is 445 (the default for SMB) and the domain name is `nas01`. You can also use a fully qualified domain name (FQDN) like `nas01.company.com` or an IP address. The path, in this case `/marketing`, can be ignored. It will be used by the client when connecting through SMBStream.

* **IP Address or FQDN** - The file server the agent will connect to. Either an internal IP address for the remote network, or a fully qualified domain name. For example, "nas01.company.com".
* **Port** - The port of the target server, usually 445.

The Edge Extend server endpoint is what the client will connect to. To support a connection such as `//controller/marketing` the port will be 445 and the endpoint "0.0.0.0".

* **Controller Binding** - Choose "Let me specify binding":
  * **CtrlEndpnt** - Enter "0.0.0.0"
  * **CtrlPort** - Choose an unused port in the range 9445 to 9455. Choose 445 for Windows.
* **Protocol** - Not currently used. Choose "SMB".
* **Enabled** - Not currently used. Leave checked.


Create additional connections for this agent if you are configuring additional remote servers in the same location. Connection information is not exported; you can make changes to connections after agents have been configured.

### Export Agent Configuration

Return to the agent list and click the download icon to generate the configuration file for the agent. It will look like this:

```
{
  "AgentID": "775a8716-107e-445b-8f9d-4b4b7d688f80",
  "AgentPrivkey": "LS0tLS1CRUdJTiBSU0EgUFJRVktLS0tLQpNSUlKS1FJ....",
  "CtrlPubkey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSU....",
  "Controller": "44.97.174.244:8445",
  "Password": "InputAgentPasswordHere"
}
```

Note that configuration files do not include information on connections. Connection information is provided to the agent when it connects to the server.

### Agent Configuration

To complete setup of the remote agents see [[:edgeextend/agent#getting/startedAgent Configuration|Edge Extend Agent - Getting Started]].

### Verify Connection

You can verify access from the controller by installing client tools and mounting the volume:

```
apt install cifs-utils
```

And then:

```
mount.cifs -o username=user1,port=9447,vers=3.0 '//127.0.0.1/' /mnt
```

Which will allow you to list the contents:

```
ls /mnt
```

### Check Server Logs

Monitor the logs to check that agents are successfully connecting. You must be in the ~/smbStream directory. Use Control-C to terminate:

```
docker-compose logs
```

The logs will show successful connection to the controller and any local connections.


```
smbstreamcntrl_1 | 2022/01/28 19:04:10 Accepted UDP Session from 182.105.134.194:60789
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9445 for Agent Fremont for remote: 175.20.25.15:445
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9446 for Agent Fremont for remote: 175.20.25.16:445
smbstreamcntrl_1 | 2022/01/28 19:28:45 Accepted SMB Connection from 10.253.254.129:46278 for remote 175.20.25.15:445
```

### Check Controller Logs

An `NT_STATUS_NOT_SUPPORTED` error could be because NTLM traffic is blocked. To check or fix this, go to the Windows host and open the Group Policy Editor (gpedit.msc). Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. Look for the setting “Network security: Restrict NTLM: Incoming NTLM Traffic” and make sure it’s set to “Allow all”.
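
The exported agent configuration file shown under "Export Agent Configuration" carries the agent's private key and password, so it is worth checking before it is installed on the remote agent. The following is an added example, not part of the Edge Extend tooling: it assumes the key fields are base64-encoded PEM (as the sample's `CtrlPubkey` prefix suggests) and that `InputAgentPasswordHere` is a placeholder to be replaced; `check_agent_config` and `write_sample` are hypothetical helper names, and the sample values are constructed.

```python
import base64, json, os, re, stat, tempfile, uuid

PLACEHOLDER = "InputAgentPasswordHere"   # placeholder shown in the exported sample
FIELDS = ("AgentID", "AgentPrivkey", "CtrlPubkey", "Controller", "Password")

def check_agent_config(path):
    """Return a list of problems with an exported agent configuration file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:   # the file carries a private key and a password
        problems.append(f"mode {mode:03o} is readable beyond the owner")
    with open(path) as fh:
        cfg = json.load(fh)
    missing = [f for f in FIELDS if not cfg.get(f)]
    if missing:
        return problems + [f"missing field {f}" for f in missing]
    try:
        uuid.UUID(str(cfg["AgentID"]))
    except ValueError:
        problems.append("AgentID is not a UUID")
    for field in ("AgentPrivkey", "CtrlPubkey"):
        try:   # assumption: key fields are base64-encoded PEM
            pem = base64.b64decode(str(cfg[field]), validate=True)
        except ValueError:
            problems.append(f"{field} is not valid base64")
            continue
        if not pem.startswith(b"-----BEGIN "):
            problems.append(f"{field} does not decode to a PEM block")
    if not re.fullmatch(r"[^\s:]+:\d{1,5}", str(cfg["Controller"])):
        problems.append("Controller is not host:port")
    if cfg["Password"] == PLACEHOLDER:
        problems.append("Password is still the placeholder")
    return problems

def write_sample(password, mode):
    """Write a constructed config (dummy key material) and return its path."""
    pem = lambda label: base64.b64encode(
        f"-----BEGIN {label}-----\nconstructed\n".encode()).decode()
    cfg = {"AgentID": "00000000-0000-4000-8000-000000000001",
           "AgentPrivkey": pem("RSA PRIVATE KEY"), "CtrlPubkey": pem("RSA PUBLIC KEY"),
           "Controller": "192.0.2.10:8445", "Password": password}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for pw, mode in ((PLACEHOLDER, 0o644), ("constructed-passphrase", 0o600)):
        print(oct(mode), check_agent_config(write_sample(pw, mode)))
```

Run against the sample exactly as printed in this guide, the check reports the key fields as invalid base64, because the guide truncates them with `....`.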
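
The three message types shown under "Check Server Logs" can also be reviewed automatically. This added example (not from the Edge Extend project) parses log lines in that format, reports agent sessions and SMB client connections from sources outside the networks you expect, and lists listeners bound to 0.0.0.0 (the binding this guide configures) so the exposed ports can be matched against firewall rules. The function names, the allowed networks and the sample lines are constructed for illustration.

```python
import ipaddress, re

LINE = re.compile(r"^(?P<svc>\S+)\s+\|\s+(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (?P<msg>.*)$")
EVENTS = {
    "agent_session": re.compile(r"Accepted UDP Session from (?P<src>[\d.]+):\d+$"),
    "listener": re.compile(r"Started SMB listener at (?P<bind>[\d.]+):(?P<port>\d+) "
                           r"for Agent (?P<agent>.+) for remote: (?P<remote>\S+)$"),
    "smb_client": re.compile(r"Accepted SMB Connection from (?P<src>[\d.]+):\d+ "
                             r"for remote (?P<remote>\S+)$"),
}

def parse(lines):
    """Yield (timestamp, kind, fields) for each recognised controller log line."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        for kind, rx in EVENTS.items():
            hit = rx.match(m["msg"])
            if hit:
                yield m["ts"], kind, hit.groupdict()

def review(lines, client_nets, agent_nets):
    """Return findings: sources outside the expected networks, wildcard listeners."""
    allowed = {"smb_client": [ipaddress.ip_network(n) for n in client_nets],
               "agent_session": [ipaddress.ip_network(n) for n in agent_nets]}
    findings = []
    for ts, kind, f in parse(lines):
        if kind == "listener":
            if f["bind"] == "0.0.0.0":
                findings.append((ts, "listener_all_interfaces", f"{f['port']} -> {f['remote']}"))
        elif not any(ipaddress.ip_address(f["src"]) in n for n in allowed[kind]):
            findings.append((ts, f"unexpected_{kind}", f["src"]))
    return findings

# Constructed sample in the page's log format (documentation address ranges).
SAMPLE = """\
smbstreamcntrl_1 | 2022/01/28 19:04:10 Accepted UDP Session from 198.51.100.7:60789
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9445 for Agent Fremont for remote: 192.0.2.15:445
smbstreamcntrl_1 | 2022/01/28 19:28:45 Accepted SMB Connection from 10.253.254.129:46278 for remote 192.0.2.15:445
smbstreamcntrl_1 | 2022/01/28 19:31:02 Accepted SMB Connection from 203.0.113.50:51544 for remote 192.0.2.15:445
""".splitlines()

if __name__ == "__main__":
    for finding in review(SAMPLE, ["10.253.254.0/24"], ["198.51.100.0/24"]):
        print(*finding)
```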