avid nexis | linux file...
TRANSCRIPT
Avid NEXIS® | Linux File Gateway
Setup and User’s GuideVersion 2020.3
Legal NoticesProduct specifications are subject to change without notice and do not represent a commitment on the part of Avid Technology, Inc.
This product is subject to the terms and conditions of a software license agreement provided with the software. The product may only be used in accordance with the license agreement.
Part of the software embedded in this product is gSOAP software.
Portions created by gSOAP are Copyright (C) 2001-2004 Robert A. van Engelen, Genivia inc. All Rights Reserved.
THE SOFTWARE IN THIS PRODUCT WAS IN PART PROVIDED BY GENIVIA INC AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The following disclaimer is required by the Independent JPEG Group:This software is based in part on the work of the Independent JPEG Group.
This Software may contain components licensed under the following conditions:Copyright (c) 1989 The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Copyright (C) 1989, 1991 by Jef Poskanzer.
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. This software is provided " as is" without express or implied warranty.
Copyright 1995, Trinity College Computing Center. Written by David Chappell.
Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. This software is provided " as is" without express or implied warranty.
Copyright 1996 Daniel Dardailler.
Permission to use, copy, modify, distribute, and sell this software for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Daniel Dardailler not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. Daniel Dardailler makes no representations about the suitability of this software for any purpose. It is provided " as is" without express or implied warranty.
Modifications Copyright 1999 Matt Koss, under the same license as above.
Copyright (c) 1991 by AT&T.
Permission to use, copy, modify, and distribute this software for any purpose without fee is hereby granted, provided that this entire notice is included in all copies of any software which is or includes a copy or modification of this software and in all copies of the supporting documentation for such software.
THIS SOFTWARE IS BEING PROVIDED " AS IS" , WITHOUT ANY EXPRESS OR IMPLIED WARRANTY. IN PARTICULAR, NEITHER THE AUTHOR NOR AT&T MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
This product includes software developed by the University of California, Berkeley and its contributors.
The following disclaimer is required by Paradigm Matrix:Portions of this software licensed from Paradigm Matrix.
The following disclaimer is required by Ray Sauers Associates, Inc.:“Install-It” is licensed from Ray Sauers Associates, Inc. End-User is prohibited from taking any action to derive a source code equivalent of “Install-It,” including by reverse assembly or reverse compilation, Ray Sauers Associates, Inc. shall in no event be liable for any damages resulting from reseller’s failure to perform reseller’s obligation; or any damages arising from use or operation of reseller’s products or the software; or any other damages, including but not limited to, incidental, direct, indirect, special or consequential Damages including lost profits, or damages resulting from loss of use or inability to use reseller’s products or the software for any reason including copyright or patent infringement, or lost data, even if Ray Sauers Associates has been advised, knew or should have known of the possibility of such damages.
The following disclaimer is required by Videomedia, Inc.:“Videomedia, Inc. makes no warranties whatsoever, either express or implied, regarding this product, including warranties with respect to its merchantability or its fitness for any particular purpose.”
2
“This software contains V-LAN ver. 3.0 Command Protocols which communicate with V-LAN ver. 3.0 products developed by Videomedia, Inc. and V-LAN ver. 3.0 compatible products developed by third parties under license from Videomedia, Inc. Use of this software will allow “frame accurate” editing control of applicable videotape recorder decks, videodisc recorders/players and the like.”
The following disclaimer is required by Altura Software, Inc. for the use of its Mac2Win software and Sample Source Code:©1993–1998 Altura Software, Inc.
The following disclaimer is required by Interplay Entertainment Corp.:The “Interplay” name is used with the permission of Interplay Entertainment Corp., which bears no responsibility for Avid products.
This product includes portions of the Alloy Look & Feel software from Incors GmbH.
This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
© DevelopMentor
This product may include the JCifs library, for which the following notice applies:JCifs © Copyright 2004, The JCIFS Project, is licensed under LGPL (http://jcifs.samba.org/). See the LGPL.txt file in the Third Party Software directory on the installation CD.
Avid Interplay contains components licensed from LavanTech. These components may only be used as part of and in connection with Avid Interplay.
Attn. Government User(s). Restricted Rights LegendU.S. GOVERNMENT RESTRICTED RIGHTS. This Software and its documentation are “commercial computer software” or “commercial computer software documentation.” In the event that such Software or documentation is acquired by or on behalf of a unit or agency of the U.S. Government, all rights with respect to this Software and documentation are subject to the terms of the License Agreement, pursuant to FAR §12.212(a) and/or DFARS §227.7202-1(a), as applicable.
TrademarksAvid, the Avid Logo, Avid Everywhere, Avid DNXHD, Avid DNXHR, Avid NEXIS, Avid NEXIS | Cloudspaces, AirSpeed, Eleven, EUCON, Interplay, iNEWS, ISIS, Mbox, MediaCentral, Media Composer, NewsCutter, Pro Tools, ProSet and RealSet, Maestro, PlayMaker, Sibelius, Symphony, and all related product names and logos, are registered or unregistered trademarks of Avid Technology, Inc. in the United States and/or other countries. The Interplay name is used with the permission of the Interplay Entertainment Corp. which bears no responsibility for Avid products. All other trademarks are the property of their respective owners. For a full list of Avid trademarks, see: http://www.avid.com/US/about-avid/legal-notices/trademarks.
Apple, Macintosh, and Safari are either registered trademarks or trademarks of Apple Computer, Inc., registered in the U.S. and other countries. HP is a registered trademark of Hewlett-Packard Company. Intel is a registered trademark of Intel Corporation. Java is a trademark of Sun Microsystems in the United States and/or other countries. Kingston is a registered trademarks of Kingston Technology Corporation. All other marks may be the property of their respective titleholders. Windows is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. All other trademarks contained herein are the property of their respective owners.
Avid NEXIS | Linux File Gateway Setup and User’s Guide • Created 3/17/20 • This document is distributed by Avid in online (electronic) form only, and is not available for purchase in printed form.
3
4
Contents
Using This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
If You Need Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Accessing the Online Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Avid Training Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 1 Avid NEXIS | Linux File Gateway Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
File Gateway Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
File Gateway Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Chapter 2 Installing Avid NEXIS | Linux File Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Preparing the Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Creating and Configuring a Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Installing CentOS in the VM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Adding the CentOS VM to DNS and Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Installing the Client and File Gateway Software on the CentOS VM . . . . . . . . . . . . . . . . . . . . . . . . 16
Activating the File Gateway License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Changing the Administrator Credentials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Deactivating a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Upgrading a File Gateway. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter 3 Using Avid NEXIS | Linux File Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Configuring an Identity Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Connecting to Avid NEXIS and Sharing Workspaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Removing Shared Workspaces. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Adding and Removing Remote Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Adding Local Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Configuring Access from Users to Workspaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Connecting to a Shared Workspace (End Users) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Connecting to a Shared Workspace (Windows Clients). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Connecting to a Shared Workspace (macOS Clients) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Connecting to a Shared Workspace (Linux Clients). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Accessing File Gateway Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
If Users Cannot Connect to a Shared Workspace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Using This Guide
The Avid NEXIS | Linux File Gateway service enables network users to access Avid NEXIS workspaces in non-realtime scenarios and from devices that cannot use the Avid NEXIS | Client. The Avid NEXIS media network provides a high-performance distributed file system that contains high-capacity shared media storage for workgroups of connected workstations.
n This document describes the features for all Avid NEXIS shared storage networks. Therefore, your system might not contain certain features that are covered in the documentation.
If You Need HelpIf you are having trouble using your Avid product:
1. Retry the action, carefully following the instructions given for that task in this guide. It is especially important to check each step of your workflow.
2. Check the latest information that might have become available after the documentation was published.Always check online for the most up-to-date release notes or ReadMe because the online version is updated whenever new information becomes available. To view the online versions, visit the Knowledge Base at www.avid.com/support.
3. Check the documentation that came with your Avid application or your hardware for maintenance or hardware-related issues.
4. Visit the online Knowledge Base at www.avid.com/support. Online services are available 24 hours per day, 7 days per week. Search this online Knowledge Base to find answers, to view error messages, to access troubleshooting tips, to download upgrades, and to read or join online message-board discussions.
Accessing the Online Documentation
The Avid online documentation contains all the product documentation in PDF format. You can access the documentation from the Knowledge Base site specific to your release. Download and install Acrobat Reader before you access the PDF documentation.
Avid Training ServicesAvid makes lifelong learning, career advancement, and personal development easy and convenient. Avid understands that the knowledge you need to differentiate yourself is always changing, and Avid continually updates course content and offers new training delivery methods that accommodate your pressured and competitive work environment.
For information on courses/schedules, training centers, certifications, courseware, and books, please visit www.avid.com/support and follow the Training links, or call Avid Sales at 800-949-AVID (800-949-2843).
Avid Training Services
6
1 Avid NEXIS | Linux File Gateway Overview
Avid NEXIS | Linux File Gateway is a Linux-based application that can be deployed in Virtual Machine (VM) environments.
File Gateway Service
The Linux-based File Gateway runs in a CentOS virtual machine deployed in your environment. It enables network users to access Avid NEXIS workspaces in a non-realtime scenario.
n Not supported for connecting to Avid ISIS Workspaces.
Depending on the access permission, network users can read, write, and delete files on workspaces without using the Avid NEXIS client software; for example, on devices or operating systems that cannot run Avid NEXIS Client Manager, and devices that rarely attach and do not want to install the client.
Any client operating system that supports Server Message Block Version 3 (SMBv3) can connect to an Avid NEXIS | Linux File Gateway shared Workspace.
The Avid NEXIS and the File Gateway VM must all be synchronized with a common time-of-day. For information on setting the Network Time Protocol (NTP), see your Avid Administrator.
File Gateway Operation
Avid NEXIS | Linux File Gateway acts as an intermediary between users who cannot or choose not to use the Avid NEXIS Client and the Workspaces they need to access. As administrator, you share the Workspaces the users need to access. Then you create File Gateway users (separate from users created on the Avid NEXIS itself) or import users from LDAP groups managed by an external LDAP server in your environment.
Avid NEXIS | Linux File Gateway users connect to the Workspaces by mapping a network drive to the hostname or IP address of the File Gateway and the shared Workspace name, which consists of the Avid NEXIS shared-storage system name plus the Workspace name, separated by a dash (hyphen).
For example, assume you created a File Gateway with hostname of ACME-FileGateway, and an IP address of 198.51.100.19. This File Gateway has a shared Workspace named LocalWS2 on an Avid NEXIS named KLANews. The user connects to that workspace through its full pathname, as either of the following:
File Gateway Operation
One Avid NEXIS | Linux File Gateway can connect to only one Avid NEXIS system. However, you can configure multiple Avid NEXIS | Linux File Gateways in separate VMs that all connect to the same Avid NEXIS to improve performance and support large numbers of users connecting to shared Workspaces.
8
2 Installing Avid NEXIS | Linux File Gateway
This chapter lists the required tools and software, and describes how to: 1. Create and deploy a virtual machine for Avid NEXIS | Linux File Gateway2. Install the software for Avid NEXIS | Linux File Gatewayand Avid NEXIS Client in the VM3. Add the Avid NEXIS | Linux File Gateway(VM) IP address to your Active Directory domain, if
applicable4. Start the Avid NEXIS | Linux File Gateway application and activate the license
Prerequisites
Install Avid NEXIS | Linux File Gateway on any server hardware. Servers with single and dual 1Gbe and 10GbE NICs are supported. You will need the following applications, software and tools to successfully deploy an instance of Avid NEXIS | Linux File Gatewayin a virtual machine:
Application, Software or Tool Description
VM environment VMware ESXi, VMware Workstation Player, VMware Workstation Pro, Oracle VM VirtualBox
VM CPU cores 2 minimum, 4 recommended
VM memory 8GB minimum, 16GB recommended
VM disk space 100GB
VM network interface 1Gbps minimum, 10Gbps recommended
CentOS version 7.5 in DVD ISO format
Operating system to be installed in the File Gateway VM
Latest Avid NEXIS Client software kit for CentOS, version 2019.12 or higher
The Avid NEXIS Client software enables connections from File Gateway clients to the shared Workspaces
Avid NEXIS | Linux File Gateway software, version 2019.12 or higher
Software that enables sharing Avid NEXIS Workspaces to clients
Avid NEXIS | Linux File Gateway license activation code
Download from your Avid Master Account
WinSCP for Windows, or SCP for macOS or Linux
File upload utility to copy the binary files to Avid NEXIS | Linux File Gateway VM
PuTTY for Windows, or SSH terminal for macOS or Linux
Optional utility for accessing the VM for Avid NEXIS | Linux File Gatewayinstallation
Preparing the Environment
Preparing the EnvironmentInstall the tools and software necessary to deploy a virtual machine onto a local system in your environment. This system will run the virtual machine that hosts Avid NEXIS | Linux File Gateway. Refer to the table in Prerequisites for the download locations.
To prepare for the virtual machine creation and software installation:
1. Download a virtual machine application and install it on the physical server. 2. Download the full DVD ISO CentOS image from http://repos-va.psychz.net/centos/7.5.1804/
isos/x86_64 and save it (but do not install yet) on the same system.3. Download the latest Avid NEXIS CentOS Client software (named
AvidNEXISClient_el7.centos.x86_64_xxxxxxxx.bin) and Avid NEXIS | Linux File Gateway software (named AvidNEXISFileGateway_el7.centos.x86_64_xxxxxxxx.bin) from your Avid Master Account or from a local Avid NEXIS running version 2019.12 or higher.
4. Download and install WinSCP from https://winscp.net/eng/download.php.5. Download and install the 64-bit PuTTY application from https://www.putty.org/.
Creating and Configuring a Virtual MachineAvid NEXIS | Linux File Gateway software runs inside a CentOS-based virtual machine that you configure in your environment.
To create and configure a virtual machine:
1. Use the VM tool of your choice to create a new virtual machine. 2. IMPORTANT: Do not install the CentOS kit during the VM creation. Choose the option to
install the OS later, after the VM is created. 3. Specify a minimum disk size of 100GB.4. Customize the VM with these settings:
5. Select the option to create a new DVD/CD (IDE) and browse to the location where you downloaded the CentOS 7.5 DVD ISO file.
Installing CentOS in the VM
When the VM is created and configured, install the CentOS DVD ISO binary file you downloaded previously. Install only this CentOS version.
Option Setting
Memory 8GB minimum, 16GB recommended
CPU cores 2 minimum, 4 recommended
Network adapter Bridged (connected to physical NIC)
10
Installing CentOS in the VM
To install CentOS in the virtual machine:
1. Power on (play) the VM.2. Press Enter to install CentOS 7.
3. At the “Welcome to CentOS 7” screen, select English, then click Continue.
4. Click “Software Selection” and select “Infrastructure server,” then click Done.
11
Installing CentOS in the VM
5. Click “Installation Destination,” then under Local Standard Disks select “VMware Virtual Disk (100GiB),” then click Done.
6. Click Network and Hostname, then do the following:a. Set the Ethernet status to ON.b. Enter a VM hostname that is unique within your environment.
12
Installing CentOS in the VM
c. Click Apply, then click Done7. Click Begin Installation.
The installation process begins, as shown:
13
Installing CentOS in the VM
8. When the installation is complete, click Root Password.
9. Enter a new root password, then click Done.
14
Adding the CentOS VM to DNS and Active Directory
c Keep track of this root password. You will use it to upload files and install the File Gateway.
10. Click Finish Configuration, and wait for the installation to complete. 11. Click VM, then Shut Down Guest.
Adding the CentOS VM to DNS and Active DirectoryThis step is required if you want to use an LDAP server in your environment to import users of the File Gateway (see the description for a remote identity manager in “Configuring an Identity Manager” on page 21 for more information). Add the CentOS virtual machine to your DNS environment as follows.
15
Installing the Client and File Gateway Software on the CentOS VM
To add the CentOS VM to DNS:
1. Power on (play) the VM.2. Log in to the CentOS VM as root, with the password you configured during the CentOS
installation.3. Run the command ifconfig to identify the IP address for the Avid NEXIS | Linux File
Gateway. 4. Make sure this VM host name is not already being used.5. Add the CentOS VM hostname and IP address to the /etc/hosts file.6. Add the CentOS VM hostname and IP address to the /etc/resolv.conf file.7. Ask your IT administrator to connect to the VM IP address and join the VM to Active Directory
and verify it with the following commands:realm join [email protected] mydomain.localrealm list[root@FGWVM]# realm listglobal.acmecorp.com type: kerberos realm-name: GLOBAL.ACMECORP.COM domain-name: global.acmecorp.com configured: kerberos-member server-software: active-directory client-software: sssd required-package: oddjob required-package: oddjob-mkhomedir required-package: sssd required-package: adcli required-package: samba-common-tools login-formats: %[email protected] login-policy: allow-realm-logins
Installing the Client and File Gateway Software on the CentOS VM
The Avid Client Manager software and Avid NEXIS | Linux File Gateway software are included in the Avid NEXIS software kit, which you can download from your Avid Master account or from an Avid NEXIS running version 2019.12 or higher. See “Prerequisites” on page 9. This procedure assumes you have already downloaded the kits.
c Install the Client software first, then install the File Gateway software. The File Gateway installation depends on the presence of the Avid NEXIS Client.
16
Activating the File Gateway License
To install the client and File Gateway software on the File Gateway VM:
1. Start a file transfer program such as SCP or WinSCP and connect to the CentOS VM IP address, logging in as root with the VM password you configured previously.
2. Copy the Avid NEXIS Client bin file and the Avid File Gateway bin file to the tmp directory on the CentOS VM:
3. Open an SSH terminal session (such as PuTTY on a Windows client) and log into the CentOS VM with the same root user name and password as in previous steps.
4. Change directory to /tmp and make the Avid NEXIS Client binary file executable.5. Make the Avid NEXIS | Linux File Gateway binary file executable.6. Run (execute) the Avid NEXIS Client installer.7. Wait for the Client installation to complete, then reboot the VM.8. Run (execute) the Avid NEXIS | Linux File Gateway installer.
Activating the File Gateway LicenseWhen you log into a new (unactivated) Avid NEXIS | Linux File Gateway, the License tab is displayed. You must activate the license before the other tabs become active. This procedure assumes you have received your Activation ID and System ID from Avid.
You can activate the license online through an Internet connection (direct activation), or offline (indirect activation).
To use direct activation:
1. Open a browser and enter the IP address of the Avid NEXIS | Linux File Gateway VM. 2. Log in to the Avid NEXIS | Linux File Gateway as Administrator (default user name: fgw-
admin; default password: Admin#19). 3. On the License page, select the appropriate activation method from the drop-down list. 4. Enter the Activation ID and System ID, and click Activate.
If successful, the license information is shown in the Status fields, and you see a success message.
17
Activating the File Gateway License
To use indirect activation:
1. On the Avid NEXIS | Linux File Gateway VM, log in as Administrator (default user name: fgw-admin; default password: Admin#19).The License tab is displayed, and is the only tab available until the license is activated.
2. Copy the Device ID.3. On a computer with Internet access, go to https://my.avid.com/products/indirectactivation.4. Enter your Activation ID. If valid, the screen displays the Device ID and System ID fields.5. Enter your Device ID (copied step 2), System ID, and email address and click Submit.
n Entering your email address is recommended so you receive the license file, in case your Internet connection is interrupted before you can download it.
6. When the license file is available (can take a few minutes), click Download to retrieve it. Make the file available to the Avid NEXIS | Linux File Gateway VM (either by saving to a USB drive or copying to a shared network folder).
7. On the License page, select the appropriate activation method from the drop-down list. 8. Enter the Activation ID and System ID.
18
Changing the Administrator Credentials
9. Browse to the location of the downloaded activation file, and click Submit.10. You must log out and then back in for the license to be activated. When you log in again, if the
activation was successful, the license information is shown in the Status fields, and you see a success message. The other tabs in the File Gateway application are now available.
Changing the Administrator CredentialsImmediately after you activate the license, Avid strongly recommends you change the factory-default administrator name and password.
To change the administrator password:
1. Click the Credentials tab. 2. Enter a new administrator name and password, then click Save.
A tooltip describes the password criteria, including length and types of characters the password must contain.
Deactivating a LicenseYou can deactivate a license that was initially activated online, then reuse it if you need to delete and re-create your Avid NEXIS | Linux File Gateway VM (for example to increase its resources: see “Prerequisites” on page 9). To reuse a deactivated license, the new or modified Avid NEXIS | Linux File Gateway VM must have the same Device ID as before.
An offline license can be used only once. If you deactivate an offline license, you need a new license to reactivate the Avid NEXIS | Linux File Gateway.
n The Avid NEXIS | Linux File Gateway must be connected to the Internet to deactivate a license, regardless of how it was activated initially.
To deactivate a License:
1. Click the License tab. 2. Click Deactivate. 3. At the warning message, click OK to continue.
The license is deactivated and you must log out.
When you log in again, you must activate the same or a new license to resume using the Avid NEXIS | Linux File Gateway. If reusing the same license, all the shared workspaces, users, and Identity Manager settings remain intact from the previous activation.
Upgrading a File GatewayTo upgrade an Avid NEXIS | Linux File Gateway, follow the procedure for installing the Client and Avid NEXIS | Linux File Gateway software in the VM (see “Installing the Client and File Gateway Software on the CentOS VM” on page 16), and overwrite the current Avid NEXIS | Linux File Gateway bin file with a newer version. You do not need to upgrade the Client version as well unless noted in the Avid NEXIS ReadMe for the version you are upgrading to.
19
Upgrading a File Gateway
The Avid NEXIS | Linux File Gateway continues to use the same license. All the other settings (Identity Manager, users and Workspace access) remain the same.
20
3 Using Avid NEXIS | Linux File Gateway
This chapter describes how to use Avid NEXIS | Linux File Gateway, which includes (for the administrator) choosing a method to authenticate users, connecting to and sharing Workspaces from an Avid NEXIS, adding users and setting their access permissions to the shared Workspaces, and (for the users) connecting to the shared Workspaces.
n Avid NEXIS | Linux File Gateway works only with Avid NEXIS systems, not ISIS.
Configuring an Identity ManagerAn identity manager controls user access to the Workspaces. You can use only one option:• Local (default)—Use this option to use the integrated identity manager, then add File Gateway
users that can connect to shared Workspaces. To use the local identity manager, do nothing. Continue with “Changing the Administrator Credentials” on page 19.
• Remote—Select this option to use a remote service, such as your LDAP server, then add File Gateway users from the list of users configured as part of the LDAP service. The Avid NEXIS | Linux File Gateway must have network access to the LDAP server, such as through a LAN inside your facility firewall
c After you ch oose an Identity Manager and add users, you cannot switch to the other Identity Manager without losing any existing users and their configured Workspace access. Switching back requires re-adding those users and reconfiguring their access.
To use a remote identity manager:
1. Click the Identity Manager tab. 2. Click the Remote Identity Provider checkbox.
A warning message is displayed, informing you that switching between local and remote identity managers will cause you to lose any currently-configured users and their Workspace access. Click OK to continue.
3. Enter the appropriate information for your LDAP server. The “ldap” protocol is the default. In the User DN field, enter your own LDAP user information to establish the connection between Avid NEXIS | Linux File Gateway and the LDAP server.
4. Click Save. 5. Click Test Connection. This is required to establish the connection between Avid NEXIS | Linux
File Gateway and the LDAP server. 6. In the dialog box, enter your domain credentials (required). If successful, a message is shown
that the connection was successful.
c If the domain name in your organization changes, make sure to change it in the Avid NEXIS | Linux File Gateway application as well. Otherwise users will no longer be able to connect to shared Workspaces.
Connecting to Avid NEXIS and Sharing Workspaces
Connecting to Avid NEXIS and Sharing WorkspacesAn Avid NEXIS | Linux File Gateway supports connecting to, and sharing Workspaces for, only one Avid NEXIS. If you need to support File Gateway access to more than one Avid NEXIS, configure additional Avid NEXIS | Linux File Gateway VMs for each.
There is no limitation on the number of Workspaces you can share with File Gateway. However, Windows clients using drive letters to access the Workspaces are limited to 26 connections, minus any existing system partitions.
To share Avid NEXIS Workspaces:
1. Click the System tab. 2. Click Connect.3. In the dialog box, enter the IP address of the Avid NEXIS you want to connect to, and the Avid
NEXIS administrator name and password, then click Connect.The status bar shows that File Gateway is connected to the Avid NEXIS.
Avid NEXIS | Linux File Gateway must be connected to an Avid NEXIS only when you are adding shared Workspaces, or to display changes to the Workspaces on the Avid NEXIS (Workspaces that have been renamed, added, or deleted). Any currently-shared Workspaces remain shared even if the File Gateway is not connected to the Avid NEXIS. If the File Gateway is not currently connected to the Avid NEXIS, you cannot see the Workspaces list in the left panel, but you can still see and remove shared Workspaces in the Shared Workspaces list. You can also add or change user access to those Workspaces (on the Access tab).You do not need to expressly disconnect from the Avid NEXIS; however if you want to, refresh the browser window in which File Gateway is running, then log back in. The connection to Avid NEXIS is dropped.
4. Select one or more Workspaces from the list on the left, then click Share. Because the Workspaces on the Avid NEXIS are subject to change at any time, click Refresh to see the updated list. If there are more Workspaces than can be displayed on one page in the File Gateway, the list is divided into multiple pages. Click the forward or back arrows or the page numbers to see additional pages of Workspace entries.
mmmmmmmmmmmmmmmm
22
Removing Shared Workspaces
g You can select Workspaces from several pages at one time.
Removing Shared WorkspacesTo stop further access to a shared Workspace, you can remove it from the shared list. Users can no longer access that Workspace unless you share it again.
To remove a shared Workspace:
1. Click the System tab.2. In the Shared Workspaces list, select one or more Workspaces.3. Click Unshare Workspace.
The Workpsaces continue to exist on the Avid NEXIS, but File Gateway users can no longer write to them.
Adding and Removing Remote UsersThis procedure adds users configured as part of your environment’s LDAP service to the list of users who can have access to Avid NEXIS Workspaces.
To add remote users:
1. Click the Users tab. 2. Confirm that the File Gateway is connected to the Remote LDAP server, as shown in the
following figure. If not, click the Identity Manager tab and either configure the remote LDAP server or connect (click Test Connection), then return to the Users tab. For more information, see “Configuring an Identity Manager” on page 21.
3. The users and groups known to the LDAP server are shown in the list. If there are more groups or users than can be displayed on one page, they are shown on multiple pages. Click the forward or back arrows or the page numbers to see additional pages of groups and users.
4. Use the Filter to search for the group to which the user belongs.5. Select a group. The members of that group are shown to the right of the group list.6. Select one or more users (to select all members of the group, click All), then click Add User.
To remove remote users:
1. Click the Users tab. 2. In the File Gateway users list, select one or more users, then click Remove User. The File
Gateway does not need to be connected to the Remote LDAP server. This procedure deletes the user from the File Gateway users list, not from the LDAP server.
23
Adding Local Users
Adding Local UsersBy default, Avid NEXIS | Linux File Gateway uses its own local (integrated) Identity Manager. This procedure assumes you are using the default local Identity Manager. To make sure, see “Configuring an Identity Manager” on page 21 before continuing.
n The File Gateway’s user namespace is independent from that of the Avid NEXIS. You can have users in common, but the File Gateway user name and password can be different from the name and password on the Avid NEXIS for the same person. Adding or removing a local File Gateway user has no effect on the Avid NEXIS users.
Each user has the following attributes:• Display Name—This can be the user’s full first and last names, to distinguish them from other
users: for example, Mary Smith. Display names do not need to be unique on the File Gateway, to support multiple users with the same real name.
• Username—This is the user’s login name: for example, msmith. Each username must be unique on the File Gateway and must follow the rules for user names. See the tooltip for details.
• Password—This is the password used to connect to the shared Workspaces when mapping a connection (see “Connecting to a Shared Workspace (Windows Clients)” on page 25). It does not have to be the same as the user’s regular network password, or their password (if any) to connect to an Avid NEXIS. This password is used only for making connections to the shared Workspaces. You must securely inform all Avid NEXIS | Linux File Gateway users of their password for this connection.
To add local users:
1. Click the Users tab. 2. Click Add. 3. In the User Details section, enter the required information, then click Save.
File Gateway Display names and LDAP usernames do not have to match the user’s network login credentials. However, you must inform each user of the File Gateway credentials they need to use to access shared Workspaces.
To remove local users:
1. Click the Users tab. 2. In the File gateway users list, select one or more users, then click Remove user.
Configuring Access from Users to WorkspacesFor users to be able to access the Workspaces, you must set user access permissions for the shared Workspaces.
The Toggle View button lets you display users on the left or Workspaces on the left, depending on your goal:• File Gateway Users View—Show users on the left to configure access for a user to multiple
Workspaces at a time• Shared Workspaces View—Show Workspaces on the left to configure access to a Workspace by
multiple users at a time
24
Connecting to a Shared Workspace (End Users)
To configure user access to multiple Workspaces:
1. Select a user.2. In the Workspaces panel, select one or more Workspaces that this user can access, select an
access type, then click Save.
n The selected access type applies to all selected Workspaces. To set different access types to different Workspaces, do them in batches: for example, select multiple Workspaces, select Read/Write, and click Save. Then select other Workspaces, select Read Access, and click Save. Continue until the user has the appropriate access to the Workspaces.
To configure Workspace access by multiple users:
1. Click Toggle View to display Workspaces on the left.2. Select a workspace.3. In the Users panel, select one or more users that can access this workspace, select their access
type, then click Save.
n The selected access type applies to all selected users. To set different access types to different users, do them in batches: for example, select multiple users, select Read/Write, and click Save. Then select other users, select Read Access, and click Save. Continue until the workspace has the appropriate access by all the necessary users.
Connecting to a Shared Workspace (End Users)The File Gateway administrator will tell you whether you are a local user or a remote LDAP user. The way you connect to the share depends on which user type you are.
File Gateway users connect to the shared Workspace to upload files by using File Explorer (on Windows systems) to map a network drive to the File Gateway and the full name of the shared Workspace, which includes the Avid NEXIS name and the Workspace name, as follows:• Connecting with the File Gateway DNS name (hostname) (for both local and remote users):
\\<FileGatewayHostname>\<AvidNEXIS_name>-<Workspace_name>For example: \\ACME-FileGateway\KLANews-IngestWorkspace
• Connecting with the File Gateway IP Address (for local users only):\\<FileGatewayIPaddress>\<AvidNEXIS_name>-<Workspace_name>For example: \\198.51.100.19\KLANews-IngestWorkspace
Connecting to a Shared Workspace (Windows Clients)
To connect to a shared Workspace on Windows:
1. Open Windows Explorer and enter the hostname or IP address (for local users only) of the File Gateway into the location field.
2. When prompted, enter your user name and password as configured on the File Gateway (get this information from the File Gateway administrator).t If you are a local user on the File Gateway, enter your local File Gateway user name and
password (get this from the File Gateway administrator).t If you are a remote LDAP user, enter your regular network user name but do not enter a
password. You will be authenticated by your environment’s Active Directory server.
25
Connecting to a Shared Workspace (End Users)
3. You can see any shared Workspaces to which you have read or read-write access. Double-click a Workspace to open it, to paste or drag media into it.
Connecting to a Shared Workspace (macOS Clients)
On macOS, users can use the Finder as follows:
To map a shared workspace:
1. At the Mac Finder level, under the Go menu, enable Connect to Server (Command-K).2. In the Connect to Server window, enter the path to the File Gateway by either its IP address or
hostname. For example:smb://198.51.100.19/An authentication window opens.
3. Enter the name and password of a user on the File Gateway, then click Connect.
26
Accessing File Gateway Logs
The File Gateway Workspace is mounted as a volume on the Mac desktop.
Connecting to a Shared Workspace (Linux Clients)
On Linux, users can mount a shared Workspace as follows:
To map a shared workspace (local LDAP):
1. Install the CIFS utilities or make sure they are already installed.2. Make and mount a directory for the shared Workspace.
To map a shared workspace (remote LDAP):
1. Install the Kerberos utility or make sure it is already installed.2. Add your logging and LDAP domain information to the Kerberos configuration file.3. Obtain a new Kerberos ticket with your remote LDAP user account, and verify the ticket was
granted.4. Make and mount a directory for the shared Workspace with CIFS.
Accessing File Gateway LogsThe File Gateway logs are stored in the File Gateway VM in the following directories:
To see the File Gateway version, click Help in the File Gateway UI or run the following command:
cat /avid/logs/version.log
If Users Cannot Connect to a Shared WorkspaceSome Windows 7 or Windows 10 clients might be unable to access the Samba shared server, especially if they do not recognize the Samba shared LDAP password. If you are continually asked for credentials and not logged in, you must change the LAN Manager authentication level.
To change LAN Manager authentication:
1. Run the Local Group Policy Editor:gpedit.msc
2. In the Local Computer Policy panel, click Computer Configuration, then Windows Settings, then Security Settings, then Local Policies, then Security Options.
Log Path Description or Use
/avid/logs Installation and application logs
/var/log/samba Troubleshooting client connection issues for shared Workspaces
27
If Users Cannot Connect to a Shared Workspace
3. Scroll down to find the entry “Network security: LAN Manager authentication level,” and double-click to open it.
4. In the drop-down list, select “Send NTLMv2 response only,” then click OK.
28
If Users Cannot Connect to a Shared Workspace
5. Click Yes to confirm the setting change.
6. Try again to access the shared Workspace; see “Connecting to a Shared Workspace (Windows Clients)” on page 25.
29
Index
AActivating the File Gateway license 17Active Directory, adding VM to 15Adding
local File Gateway users 24remote File Gateway users 23shared Workspaces 22
Administrator account, File Gateway 17Avid
online support 5training services 5
Avid NEXISconnecting 22disconnecting 22
CChanging
File Gateway credentials 19LAN Manager authentication 27
client OSSMBv3 support 7
Client software, installing 16Configuring
user access to Workspaces 24Connecting
to Avid NEXIS (from File Gateway) 22to shared Workspaces (by users) 25
Creating a virtual machine 10
DDeactivating the File Gateway license 19, 19Deploying a File Gateway VM 10Disconnecting from Avid NEXIS 22DNS, adding VM to 15
FFile Gateway
activating the license 17adding local users 24adding remote users 23adding to AD 15administrator name 17administrator, changing credentials 19client OS support 7deactivating the license 19, 19default password 17defined 7
installing 9license
activating 17deactivating 19, 19
logs 27operation 7overview 7preparing for installation 10service 7users, local 24users, remote 23version information 27
IIdentity Manager
configuring 21defined 21local vs remote 21
Installationpreparing for 10prerequisites 9
InstallingCentOS 10Client software 16, 16File Gateway software 16PuTTY 10WinSCP 10
LLAN Manager authentication, changing 27Logs 27
OOnline support 5
PPassword, default, File Gateway 17
RRemoving shared Workspaces 23
SShared Workspaces
connecting 25
30
Sharing Workspaces 22SMBv3 7
TTraining services 5Troubleshooting 5Troubleshooting user connections 27
UUnsharing Workspaces 23Users
adding (local) 24adding (remote) 23configuring access to Workspaces 24
VVersion, displaying 27Virtual machine
adding to AD 15adding to DNS 15creating 10deploying 10
WWorkspaces
adding to shared list 22configuring user access to 24connecting 25removing from shared list 23sharing 22unsharing 23
31