Edge Extend Server
last updated on: Nov 14, 2022
The Edge Extend Server works with the Edge Extend Agent to provide high-performance, secure access to remote file servers. This guide provides information on how to use and configure the server.
For general documentation see Edge Extend.
Getting Started
Completing the setup of the server involves:
- Adding a license
- Adding a domain name
- Registering an “agent”
- Adding an agent “connection”
- Exporting an agent “configuration file”
- Installing the “configuration file” on the remote agent
Edge Extend Configuration
Log in to the web interface for the server using the credentials for your instance.
For self-hosted images the default credentials are the user name admin@change.me and the password PleaseChange3.
https://server:8081
Select “License” and follow the instructions to add a trial license.
- Key - Add your license key.
The SMBStream Controller's license key is bound to the Server's FQDN or IP address. It also contains an expiration date.
Select the menu option “Account”. Select “Edit account info” and change (and record) the Default Administrator username and password.
- Fullname - Name of user.
- Username - Log in name.
- Password - Log in password.
Select the menu option “Server” and “Edit” to add the following information:
- Public IP or FQDN - The public endpoint for the controller, either an IP address or domain name as used by agents.
- Port Number (UDP) - The port of the public endpoint. Leave as 8445.
Creating New Agent
Select “Agents” and “Create new agent” to configure a new agent.
You will be prompted for a “Name” and a “Password”. These can be changed later.
Creating an agent generates a unique “Agent ID” as well as a Public/Private Key Pair. The key pair provides non-repudiation and authentication for the agent.
List Agents
Select “Agents” to show a list of currently registered agents.
The options are:
- Agent info - Show Agent ID
- Edit agent - Change name or password
- Download config - JSON config file
- Rotate Key - Change private key
- Delete - Remove agent configuration
Click the name of the agent to create a Connection.
Create Agent Connection
A connection defines a specific file server an agent is connecting to. It will also specify what endpoint is exposed for this file server on the Edge Extend server.
Select “Create new connection” and enter a connection name. The name is used for logging and messages and can be changed. We recommend using the domain name of the file server.
- Connection Name - A common name for the server e.g. “NAS01”.
The file server is given as a domain name and port. If the agent file system is of the format //nas01/marketing then the port is 445 (the default for SMB) and the domain name is nas01. You can also use a fully qualified domain name (FQDN) like nas01.company.com or an IP address. The path, in this case /marketing, can be ignored. It will be used by the client when connecting through SMBStream.
- IP Address or FQDN - The file server the agent will connect to. Either an internal IP address for the remote network, or fully qualified domain name. For example, “nas01.company.com”.
- Port - The port of the target server, usually 445.
The Edge Extend server endpoint is what the client will connect to. To support a connection such as //controller/marketing the port will be 445 and the endpoint “0.0.0.0”.
- Controller Binding - Choose “Let me specify binding”:
- CtrlEndpnt - Enter “0.0.0.0”
- CtrlPort - Choose an unused port in the range 9445 to 9455. Choose 445 for Windows.
- Protocol - Not currently used. Choose “SMB”.
- Enabled - Not currently used. Leave checked.
Create additional connections for this agent if you are configuring additional remote servers in the same location. Connection information is not exported; you can make changes to connections after agents have been configured.
Export Agent Configuration
Return to the agent list and click the download icon to generate the configuration file for the agent. It will look like this:
{
  "AgentID": "775a8716-107e-445b-8f9d-4b4b7d688f80",
  "AgentPrivkey": "LS0tLS1CRUdJTiBSU0EgUFJRVktLS0tLQpNSUlKS1FJ....",
  "CtrlPubkey": "LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSU....",
  "Controller": "44.97.174.244:8445",
  "Password": "InputAgentPasswordHere"
}
Note that configuration files do not include information on connections. Connection information is provided to the agent when it connects to the server.
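The exported file carries the agent's private key and password, so it is worth checking before it is copied to the remote agent. The following is an added example, not part of Edge Extend or its documentation: a Python check of the file's fields and POSIX permissions. The function names, the sample values (constructed, with dummy key text), and treating InputAgentPasswordHere as an unfilled placeholder are assumptions.

```python
import base64, json, os, stat, tempfile

REQUIRED = ("AgentID", "AgentPrivkey", "CtrlPubkey", "Controller", "Password")
PLACEHOLDER = "InputAgentPasswordHere"  # assumed to be an unfilled placeholder

def audit_agent_config(path):
    """Return findings for an exported agent configuration file (POSIX modes)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # the file holds AgentPrivkey and Password
        findings.append(f"file mode {mode:04o} is accessible to group/other")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    findings += [f"missing field {k}" for k in REQUIRED if not cfg.get(k)]
    if cfg.get("Password") == PLACEHOLDER:
        findings.append("Password is still the placeholder")
    for key in ("AgentPrivkey", "CtrlPubkey"):
        value = str(cfg.get(key) or "")
        try:
            pem = base64.b64decode(value, validate=True)
        except ValueError:
            findings.append(f"{key} is not valid base64")
            continue
        if value and not pem.startswith(b"-----BEGIN "):
            findings.append(f"{key} does not decode to a PEM block")
    host, _, port = str(cfg.get("Controller") or "").rpartition(":")
    if not host or not port.isdigit():
        findings.append("Controller is not host:port")
    return findings

def sample_config(password):
    """Constructed sample; the key fields hold dummy text, not real keys."""
    def pem(kind):
        return base64.b64encode(f"-----BEGIN RSA {kind} KEY-----\nCONSTRUCTED\n".encode()).decode()
    return {"AgentID": "00000000-0000-0000-0000-000000000000",
            "AgentPrivkey": pem("PRIVATE"), "CtrlPubkey": pem("PUBLIC"),
            "Controller": "controller.example.com:8445", "Password": password}

def audit_sample(password, mode):
    """Write the constructed sample with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "agent.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample_config(password), fh)
        os.chmod(path, mode)
        return audit_agent_config(path)

if __name__ == "__main__":
    print(audit_sample(PLACEHOLDER, 0o644))
```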
Agent Configuration
To complete set up of the remote agents see Edge Extend Agent - Getting Started.
Verify Connection
You can verify access from the controller by installing client tools and mounting the volume:
apt install cifs-utils
And then:
mount.cifs -o username=user1,port=9447,vers=3.0 '//127.0.0.1/<share>' /mnt
This allows you to list the contents:
ls /mnt
Check Server Logs
Monitor the logs to check agents are successfully connecting. You must be in the ~/smbStream directory. Use Control-C to terminate:
docker-compose logs
The logs will show successful connection to the controller and any local connections.
smbstreamcntrl_1 | 2022/01/28 19:04:10 Accepted UDP Session from 182.105.134.194:60789
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9445 for Agent Fremont for remote: 175.20.25.15:445
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9446 for Agent Fremont for remote: 175.20.25.16:445
smbstreamcntrl_1 | 2022/01/28 19:28:45 Accepted SMB Connection from 10.253.254.129:46278 for remote 175.20.25.15:445
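Each listener is bound on the controller itself (0.0.0.0 in the connection settings above), so the log is where you can see which clients actually reach a share. The following is an added example, not part of Edge Extend: a Python pass over log lines in the format shown above that lists the listeners and flags SMB clients outside an allow-list of networks, as well as listeners on ports outside the CtrlPort choices given earlier. The function name, the allow-list, and the sample lines (constructed, using documentation-range addresses) are assumptions.

```python
import ipaddress
import re

LISTENER = re.compile(
    r"Started SMB listener at (\S+):(\d+) for Agent (.+) for remote: (\S+:\d+)$")
CONNECT = re.compile(r"Accepted SMB Connection from (\S+):\d+ for remote (\S+:\d+)$")
DOC_PORTS = set(range(9445, 9456)) | {445}  # CtrlPort choices given in this guide

# Constructed sample in the log format shown above (documentation-range addresses).
SAMPLE = """\
smbstreamcntrl_1 | 2022/01/28 19:04:10 Accepted UDP Session from 192.0.2.10:60789
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9445 for Agent Fremont for remote: 198.51.100.15:445
smbstreamcntrl_1 | 2022/01/28 19:04:11 Started SMB listener at 0.0.0.0:9500 for Agent Fremont for remote: 198.51.100.16:445
smbstreamcntrl_1 | 2022/01/28 19:28:45 Accepted SMB Connection from 10.253.254.129:46278 for remote 198.51.100.15:445
smbstreamcntrl_1 | 2022/01/28 19:30:02 Accepted SMB Connection from 203.0.113.50:51514 for remote 198.51.100.15:445
""".splitlines()

def review_log(lines, client_nets):
    """Return (listeners, alerts) for controller log lines.

    listeners maps "remote host:port" -> (agent name, bind address, local port).
    alerts lists listeners on unexpected ports and SMB clients whose source
    address is outside client_nets (a list of CIDR strings).
    """
    allowed = [ipaddress.ip_network(n) for n in client_nets]
    listeners, alerts = {}, []
    for line in lines:
        line = line.rstrip()
        if m := LISTENER.search(line):
            bind, port, agent, remote = m.groups()
            listeners[remote] = (agent, bind, int(port))
            if int(port) not in DOC_PORTS:
                alerts.append(f"listener {bind}:{port} for Agent {agent}: unexpected port")
        elif m := CONNECT.search(line):
            src, remote = m.groups()
            addr = ipaddress.ip_address(src.strip("[]"))  # tolerate [v6] form
            if not any(addr in net for net in allowed):
                alerts.append(f"client {src} -> {remote}: outside allowed networks")
    return listeners, alerts

if __name__ == "__main__":
    found, problems = review_log(SAMPLE, ["10.0.0.0/8"])
    print(found)
    print(*problems, sep="\n")
```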
Check Controller Logs
An NT_STATUS_NOT_SUPPORTED error could be because NTLM traffic is blocked.
To check or fix this, go to the Windows host and open the Group Policy Editor (gpedit.msc).
Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
Look for the setting “Network security: Restrict NTLM: Incoming NTLM Traffic” and make sure it’s set to “Allow all”.