Table of Contents
Getting Started: Nasuni Access Anywhere Server On-Premises
last updated Jan 12, 2023
This document walks through deploying and configuring the Nasuni Access Anywhere Server running in a virtualization environment in your data center or cloud.
For cloud deployments see specific guides for Azure and AWS.
See Also:
Prerequisites
You need to prepare/collect the following information before you can complete this configuration guide:
- Virtual machine image for your Hypervisor
- License key
- Linux smeconfiguser password
- Linux root user password
- Appliance appladmin password
- Access to request / update DNS names for the appliance (recommended)
- Outbound mail relay information (recommended)
- Default storage system connectivity details
- Active Directory service account, for connecting to AD (optional)
Deployment Architecture
Single Node
For small to mid-size production environments, the server is typically deployed as a single virtual machine instance, sized for the estimated load.
Multiple Nodes
The platform may also be deployed across multiple virtual machine instances for scalability and high availability.
In this example, a load balancer is introduced to distribute requests across two stateless web nodes. Two additional nodes provide database services in an active/passive configuration. See SME File Fabric HA Setup "2 x 2" With Manual Failover for more information on this example and feel free to contact support to review your specific requirements.
Sizing
Resource | Minimum | Recommended |
---|---|---|
Memory | 6 GB | 8 GB |
vCPU | 4 | 8 |
Disk OS | 60 GB | 60 GB |
Disk DB | 100 GB | 100 GB |
For production deployments see Server Sizing Guide.
For client requirements see Supported Browsers and Client Devices.
Configure Public Endpoint
Applications access the server through a public endpoint, a fully qualified domain name that resolves to a public IP address. The public IP address will route to the virtual appliance, usually through a firewall or load balancer. SSL certificates need to be applied, and ports opened if needed.
Add DNS Host Records
Named-based virtual hosts are used to provide multiple protocols for the same ports. For single VM installations, the first domain name is typically the name of the host.
Choose three fully qualified domain names (FQDNs). For example:
- files.example.com - primary HTTP/HTTPS services (web app and API)
- files-webdav.example.com - used for Cloud WebDAV service
- files-s3.example.com - used for Cloud S3 service (deprecated)
Add DNS type A records for these domain names for the public IP Address. For example,
Type | Name | Value |
---|---|---|
A | files | 35.188.82.62 |
A | files-webdav | 35.188.82.62 |
A | files-s3 | 35.188.82.62 |
Verify that Public DNS records are set up correctly by pinging each FQDN from the appliance.
ping files.example.com ping files-webdav.example.com ping files-s3.example.com
Configure Static IP Address
Out of the box, the server comes preconfigured for DHCP. For most environments, you will need a static IP address. You can easily do this with tools available on the appliance. If you have DHCP with dynamic DNS enabled, you should be able to simply connect to “appliance.yourcompany.tld”. If not, and you do not know the IP address of the appliance, connect over a console session from your hypervisor.
To identify the IP addresses use:
ip a show dev eth0
Note: If you do not have DHCP enabled on your network, you can run the smenetconf script and assign a static address from the commandline. This must be run as the smeconfiguser.
smenetconf
Required Ports to Open
The appliance requires the following ingress ports:
Type | Protocol | Port | Source | Description |
---|---|---|---|---|
SSH | TCP | 22 | My IP | SSH for initial configuration |
HTTP | TCP | 8080 | My IP | Installation website (temporary) |
HTTPS | TCP | 443 | Anywhere | Main website |
HTTP | TCP | 80 | Anywhere | Redirects to the main website |
If you will be using FTP/FTPS or SFTP you'll need to add additional ports.
SSH into Appliance
Log into the appliance through SSH as smeconfiguser. (See trial email for password).
ssh smeconfiguser@<ipaddress>
Check that you can become root. (See trial email for password).
su -
This will be required to complete the configuration.
Start SME Config Server
The SME Config Server provides a web interface for configuring network settings including domain names.
If you are logged in as root leave root privilege and as the smeconfiguser start the configuration server by typing smeconfigserver. You should see a confirmation that the config server is running:
smeconfigserver Please contact me with a browser on port 8080 Hit Ctrl+C when work is done
Now open your browser and navigate to:
http://<your_ip>:8080
Here you will be able to configure network details, including domain names, and you can apply a custom certificate for secure HTTPS traffic.
Click “Configuration” to get started.
Configure Hostname Settings
Add the three domain names you created DNS entries for here.
Click “Configuration” and then “SME Server Hostname Settings”.
After Saving go to the “Overview” page and scroll down to the bottom to “Apply”. No other changes are required for the appliance.
Follow the prompts on the page to reboot the appliance. If you are not doing this immediately stop the Config Server by typing Control-C in the terminal window.
Once you are finished with smeconfigserver you can remove access to port 8080
SSL Certificates
The appliance includes an untrusted SSL certificate.
To create a trusted SSL/TLS certificate associated with your domain see SSL Certificates.
Configure Appliance
Open a browser to the domain name you assigned, for example:
https://files.example.com
If you haven't set a domain name, use your external IP address:
https://3.234.139.146
You'll see the following login page:
Log into the appliance as appladmin with a password from your trial license:
User name: appladmin Password: <appladminpassword>
License Key
A trial key can be requested from your Nasuni account manager.
Change Admin Password
We recommend you change the admin password.
Select “Password/Login” from the Main Menu to change the Appliance Administrator password.
After you select “Update password” you will be logged out and need to log back in.
Outbound Email (Recommended)
An SMTP server is used by the appliance to send registration and notification emails to users. A daily report and error notices are also emailed to the “Notification Email”.
See SMTP Configuration.
If you do not initially configure an email server remember not to use email notifications when adding users.
Change Appliance Admin Email
With an SMTP server configured you can change the email of the Appliance Admin. Go to the main menu (Hamburger icon) to Password/Login.
You can also set up Two Factor Authentication (2FA) for the Appliance Admin from this screen.
Server Notification Email
Server errors and a daily report are sent to a notification email that must be configured by the Appliance Administrator. The default is not to email reports.
The “Notification Email” setting is on the “SMTP and Filebox Configuration” page that can be found via the menu “Email and Filebox”.
Site Functionality
Here you can enable or disable certain functionality or features. The default settings are generally good for the initial deployment, but please go through the options to familiarize yourself with advanced options. Examples are: Enable in browser editor for inline editing of office documents, enable SFTP access, etc.
If you will be providing SFTP access through the Cloud SFTP gateway then you will need to regenerate the SFTP RSA keys. Instructions for doing that can be found here.
Requirements for Creating Users
Users can be created or can be imported from the delegated Active Directory / LDAP / SAML authentication system. A user requires a 'user name' and an email address to be created. In the event that a service account is being used for a user that does not have an email address consider using the User Principle Name (UPN) i.e the name of a system user in an email address format.
Post Installation
For further customizing and securing the appliance see Post Installation Tasks.
Creating Users
To add users and storage providers you first Create an Organization