Getting Started: Nasuni Access Anywhere Server On-Premises

This document walks through deploying and configuring the Nasuni Access Anywhere Server running in a virtualization environment in your data center or cloud.

For cloud deployments see specific guides for Azure and AWS.

See Also:

• Nasuni Access Anywhere v2106 Release Notes

You need to prepare/collect the following information before you can complete this configuration guide:

• Virtual machine image for your Hypervisor
• License key
• Linux smeconfiguser password
• Linux root user password
• Appliance appladmin password
• Access to request / update DNS names for the appliance (recommended)
• Outbound mail relay information (recommended)
• Default storage system connectivity details
• Active Directory service account, for connecting to AD (optional)

For small to mid-size production environments, the server is typically deployed as a single virtual machine instance, sized for the estimated load.

The platform may also be deployed across multiple virtual machine instances for scalability and high availability.

In this example, a load balancer is introduced to distribute requests across two stateless web nodes. Two additional nodes provide database services in an active/passive configuration. See SME File Fabric HA Setup "2 x 2" With Manual Failover for more information on this example and feel free to contact support to review your specific requirements.

For production deployments see Server Sizing Guide.

For client requirements see Supported Browsers and Client Devices.

Applications access the server through a public endpoint, a fully qualified domain name that resolves to a public IP address. The public IP address will route to the virtual appliance, usually through a firewall or load balancer. SSL certificates need to be applied, and ports opened if needed.

Named-based virtual hosts are used to provide multiple protocols for the same ports. For single VM installations, the first domain name is typically the name of the host.

Choose three fully qualified domain names (FQDNs). For example:

• files.example.com - primary HTTP/HTTPS services (web app and API)
• files-webdav.example.com - used for Cloud WebDAV service
• files-s3.example.com - used for Cloud S3 service (deprecated)

Add DNS type A records for these domain names for the public IP Address. For example,

Verify that Public DNS records are set up correctly by pinging each FQDN from the appliance.

ping files.example.com 
ping files-webdav.example.com
ping files-s3.example.com

Out of the box, the server comes preconfigured for DHCP. For most environments, you will need a static IP address. You can easily do this with tools available on the appliance. If you have DHCP with dynamic DNS enabled, you should be able to simply connect to “appliance.yourcompany.tld”. If not, and you do not know the IP address of the appliance, connect over a console session from your hypervisor.

To identify the IP addresses use:

ip a show dev eth0

Note: If you do not have DHCP enabled on your network, you can run the smenetconf script and assign a static address from the commandline. This must be run as the smeconfiguser.

smenetconf

The appliance requires the following ingress ports:

If you will be using FTP/FTPS or SFTP you'll need to add additional ports.

Log into the appliance through SSH as smeconfiguser. (See trial email for password).

ssh smeconfiguser@<ipaddress>

Check that you can become root. (See trial email for password).

su -

This will be required to complete the configuration.

The SME Config Server provides a web interface for configuring network settings including domain names.

If you are logged in as root leave root privilege and as the smeconfiguser start the configuration server by typing smeconfigserver. You should see a confirmation that the config server is running:

smeconfigserver
Please contact me with a browser on port 8080
Hit Ctrl+C when work is done

Now open your browser and navigate to:

http://<your_ip>:8080 

Here you will be able to configure network details, including domain names, and you can apply a custom certificate for secure HTTPS traffic.

Click “Configuration” to get started.

Add the three domain names you created DNS entries for here.

Click “Configuration” and then “SME Server Hostname Settings”.

After Saving go to the “Overview” page and scroll down to the bottom to “Apply”. No other changes are required for the appliance.

Follow the prompts on the page to reboot the appliance. If you are not doing this immediately stop the Config Server by typing Control-C in the terminal window.

Once you are finished with smeconfigserver you can remove access to port 8080

The appliance includes an untrusted SSL certificate.

To create a trusted SSL/TLS certificate associated with your domain see SSL Certificates.

Open a browser to the domain name you assigned, for example:

 https://files.example.com   

If you haven't set a domain name, use your external IP address:

 https://3.234.139.146

You'll see the following login page:

Log into the appliance as appladmin with a password from your trial license:

 User name: appladmin
 Password: <appladminpassword>

See Activating your License.

A trial key can be requested from your Nasuni account manager.

We recommend you change the admin password.

Select “Password/Login” from the Main Menu to change the Appliance Administrator password.

After you select “Update password” you will be logged out and need to log back in.

An SMTP server is used by the appliance to send registration and notification emails to users. A daily report and error notices are also emailed to the “Notification Email”.

See SMTP Configuration.

If you do not initially configure an email server remember not to use email notifications when adding users.

With an SMTP server configured you can change the email of the Appliance Admin. Go to the main menu (Hamburger icon) to Password/Login.

You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen.

Server errors and a daily report are sent to a notification email that must be configured by the Appliance Administrator. The default is not to email reports.

The “Notification Email” setting is on the “SMTP and Filebox Configuration” page that can be found via the menu “Email and Filebox”.

Here you can enable or disable certain functionality or features. The default settings are generally good for the initial deployment, but please go through the options to familiarize yourself with advanced options. Examples are: Enable in browser editor for inline editing of office documents, enable SFTP access, etc.

If you will be providing SFTP access through the Cloud SFTP gateway then you will need to regenerate the SFTP RSA keys. Instructions for doing that can be found here.

Users can be created or can be imported from the delegated Active Directory / LDAP / SAML authentication system. A user requires a 'user name' and an email address to be created. In the event that a service account is being used for a user that does not have an email address consider using the User Principle Name (UPN) i.e the name of a system user in an email address format.

For further customizing and securing the appliance see Post Installation Tasks.

To add users and storage providers you first Create an Organization