# Edge Extend Server
last updated on: Nov 14, 2022
The Edge Extend Server works with the [[/edgeextend/agent]] to provide high-performance, secure access to remote file servers. This guide provides information on how to use and configure the server.
For general documentation see [[:edgeextend]].
## Getting Started
Completing the setup of the server involves:
1. Adding a license
2. Adding a domain name
3. Registering an "agent"
4. Adding an agent "connection"
5. Exporting an agent "configuration file"
6. Installing the "configuration file" on the remote agent
### Edge Extend Configuration
Log in to the web interface for the server using the credentials for your instance.
For self-hosted images the default credentials are the user name `admin@change.me` and the password `PleaseChange3`.
https://server:8081
Select "License" and follow the instructions to add a trial license.
* **Key** - Add your license key.
The SMBStream Controller's license key binds the key to the Server's FQDN or IP address. It also contains an expiration date.
Select the menu option "Account". Select "Edit account info" and change (and record) the Default Administrator username and password
* **Fullname** - Name of user.
* **Username** - Log in name.
* **Password** - Log in password.
Select the menu option "Server" and "Edit" to add the following information:
* **Public IP or FQDN** - The public endpoint for the controller, either an IP address or domain name as used by agents.
* **Port Number (UDP)** - The port of the public endpoint. Leave as 8445.
### Creating New Agent
Select "Agents" and "Create new agent" to configure a new agent.
You will be prompted for a "Name" and a "Password". These can be changed later.
Creating an agent generates a unique "Agent ID" as well as a Public/Private Key Pair. The key pair provides non-repudiation and authentication for the agent.
### List Agents
Select "Agents" to show a list of currently registered agents
{{ :edgeextend:server:agents-list.png?600 |}}
The options are:
* **Agent info** - Show Agent ID
* **Edit agent** - Change name or password
* **Download config** - JSON config file
* **Rotate Key** - Change private key
* **Delete** - Remove agent configuration
Click the name of the agent to create a Connection.
### Create Agent Connection
A connection defines a specific file server an agent is connecting to. It will also specify what endpoint is exposed for this file server on the Edge Extend server.
Select "Create new connection" and enter a connection name. The name is used for logging and messages and can be changed. We recommend using the domain name of the file server.
* **Connection Name** - A common name for the server e.g. "NAS01".
The file server is given as a domain name and port. If the agent file system is of the format: `//nas01/marketing` then the port is 445 (the default for SMB) and the domain name is `nas01`. You can also use a fully qualified domain name (FQDN) like `nas01.company.com` or an IP Address. The path, in this case `/marketing` can be ignored. It will be used by the client when connecting through SMBStream.
* **IP Address or FQDN** - The file server the agent will connect to. Either an internal IP address for the remote network, or fully qualified domain name. For example, "nas01.company.com".
* **Port** - The port of the target server, usually 445.
The Edge Extend server endpoint is what the client will connect. To support a connection such as `//controller/marketing` the port will be 445 and the endpoint "0.0.0.0".
* **Controller Binding** - Choose "Let me specify binding":
* **CtrlEndpnt** - Enter "0.0.0.0"
* **CtrlPort** - Choose an unused port in the range 9445 to 9455. Choose 445 for Windows.
* **Protocol** - Not currently used. Choose "SMB".
* **Enabled** - Not currently used. Leave checked.
Create additional connections for this agent if you are configuring additional remote servers in the same location. Connection information is not exported; you can make changes to connections after agents have been configured.
### Export Agent Configuration
Return to the agent list and click the download icon to generate the configuration file for the agent. It will look like this:
{
"AgentID": "775a8716-107e-445b-8f9d-4b4b7d688f80",
"AgentPrivkey": "LS0tLS1CRUdJTiBSU0EgUFJRVktLS0tLQpNSUlKS1FJ....",
"CtrlPubkey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSU....",
"Controller": "44.97.174.244:8445",
"Password": "InputAgentPasswordHere"
}
Note that configuration files do not include information on connections. Connection information is provided to the agent when it connects to the server.
### Agent Configuration
To complete set up of the remote agents see [[:edgeextend/agent#getting/startedAgent Configuration|Edge Extend Agent - Getting Started]].
### Verify Connection
You can verify access from the controller by installing client tools and mounting the volume
apt install cifs-utils
And then:
mount.cifs -o username=user1,port=9447,vers=3.0 '//127.0.0.1/' /mnt
Which will allow you to list the contents
ls /mnt
### Check Server Logs
Monitor the logs to check agents are successfully connecting. You must be in the ~/smbStream directory. Use Control-C to terminate:
docker-compose logs
The logs will show successful connection to the controller and any local connections.
smbstreamcntrl_1 | 2022/01/28 19:04:10 Accepted UDP Session from 182.105.134.194:60789
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9445 for Agent Fremont for remote: 175.20.25.15:445
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9446 for Agent Fremont for remote: 175.20.25.16:445
smbstreamcntrl_1 | 2022/01/28 19:28:45 Accepted SMB Connection from 10.253.254.129:46278 for remote 175.20.25.15:445
### Check Controller Logs
An ```NT_STATUS_NOT_SUPPORTED``` error could be because NTLM traffic is blocked.
To check or fix this, go to the Windows host and open the Group Policy Editor (gpedit.msc).
Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
Look for the setting “Network security: Restrict NTLM: Incoming NTLM Traffic” and make sure it’s set to “Allow all”