Configure Multiple FileXpress Proxy Servers
The FileXpress Gateway Proxy server runs two services:
- FileXpress Transfer Server
Provides the Transfer Client web application. When users log in, the Transfer Server communicates with the Gateway Administrator web service to authenticate users.
- FileXpress Secure Shell proxy
Creates transfer site directories on the designated file storage server and manages Secure Shell encrypted transfer between the user workstation and these directories. Communicates with the Gateway Administrator web service to get required information such as user authentication, transfer site access, and transfer site permissions.
To ensure high availability of these services, you can configure multiple FileXpress Proxy servers and use a DNS alias or third-party load balancer to distribute the load between these servers and provide failover support.
Note: By default, the FileXpress Gateway Administrator is configured to store files on the FileXpress proxy. This option is not supported if you use multiple FileXpress Proxy servers, because there is no replication of data between these servers. To support a configuration with multiple FileXpress Proxy servers, you must configure file storage on an SFTP server.
Setting up multiple FileXpress Proxy Servers
When you configure multiple FileXpress Proxy servers, each instance must be identically configured, and must be able to communicate securely with the Gateway Administrator web service. An internal password used to secure this connection is established when you click the Activate and verify button in the FileXpress Secure Shell Proxy. Each time you do this, the internal password is updated. This means that activating and verifying on one FileXpress Proxy in your group will invalidate the existing configuration of other FileXpress Proxies. To avoid this problem and to ensure your servers are identically configured, use the following procedures to set up one FileXpress Proxy server, then copy required files from this server to the additional servers.
Before you begin
- Install the FileXpress Gateway Proxy services on each computer you are configuring.
- Log on to the Gateway Administrator, go to System > File Storage, and confirm that SFTP server is selected and that a connection to an SFTP server has been configured.
To configure interchangeable FileXpress Proxy servers
- Select one FileXpress Proxy server for initial configuration. If you have an existing instance, use it. Start the FileXpress Secure Shell Proxy console on this server.
- On the Configuration tab, click FileXpress Users in the left-hand panel.
- Enable Allow access to FileXpress users if it is not already enabled.
- Set Gateway Administrator host to the host name of your Gateway Administrator host or your cluster alias.
- Save your settings (File > Save Settings).
- Click Activate and verify. Click Yes when prompted to restart the FileXpress Transfer Server service.
This action updates the Secure Shell Proxy's trustedWebService.cer and RSITDatabase files, and the Transfer Server's trustedWebService.cer and container.properties files.
- On each destination server, stop the FileXpress Secure Shell Proxy and the FileXpress Transfer Server.
- Copy the required FileXpress Secure Shell Proxy configuration files and FileXpress Transfer Server configuration files to each destination server.
- Restart the FileXpress services on each destination server.
If you set up a DNS alias to provide load balancing and failover for your Proxy Servers, Transfer Client users will connect using this alias. If you use email notifications and are currently using a different server name, you need to update the base server URL used in email message links.
To update email notifications
- Locate the properties file on the Gateway Administrator computer, and open it in a text editor. The default location of this file is:
C:\Program Files\Attachmate\FileXpress\Gateway\GatewayAdministrator\conf\container.properties
- Edit the transfer.server.url setting to point to the DNS alias. For example:
transfer.server.url=https://filexpresscluster.com:9492
- Save the edited properties file.
- Restart the Attachmate FileXpress Gateway Administrator service.
Required FileXpress Secure Shell Proxy configuration files
The following files used by the FileXpress Secure Shell Proxy must be manually copied to every FileXpress Proxy instance. Restart the FileXpress Secure Shell Proxy Server after making these changes. These files are located in the following directory by default:
C:\ProgramData\Attachmate\RSecureServer
| File | Description |
|---|---|
| rsshd_config.xml | The FileXpress Secure Shell Proxy configuration file. The settings saved to this file include the values you have specified on the FileXpress Users tab for connecting to the Gateway Administrator host name and port. Note: If you modify any settings using the FileXpress Secure Shell Proxy, you need to redistribute this file to your duplicate servers. |
| RSITDatabase | The FileXpress Secure Shell Proxy's encrypted credential cache. |
| RSITDatabase.sec | This file contains the key required to decrypt the credential cache and is required to use the cache. |
| trustedWebService.cer | Contains the public key used to authenticate FileXpress Gateway Administrator. This file is created when you click the Activate and Verify button on the FileXpress Users pane. |
| hostkey | The private key of the public/private host key pair used to authenticate this server. |
| hostkey.pub | The public key of the public/private host key pair used to authenticate this server. |
Required FileXpress Transfer Server configuration files
The following files used by the FileXpress Transfer Server must be manually copied to every FileXpress Proxy instance. Restart the Transfer Server after making these changes. These files are installed to the following folder by default:
C:\Program Files\Attachmate\FileXpress\Gateway\TransferServer\
Note: To simplify configuration, you can copy all files from the conf and etc folders. This list describes only the required files.
| File | Description |
|---|---|
| conf\container.properties | The Transfer Server properties file. This file configures the Gateway Administrator host and port, and the internal password used to secure the connection. If you have configured a certificate from a commercial CA, configuration information is also included in this file. |
| etc\trustedWebService.cer | The public key used for authenticating the Gateway Administrator. |
| etc\servletcontainer.jks | This is the default self-signed server certificate. If you are still testing and have not installed a certificate signed by a commercial Certificate Authority, copy this file to the other servers. |
| -OR- | |
| Your CA-signed server certificate in a .jks, .p12, or .pfx file | If you have replaced the default self-signed server certificate with a certificate signed by a commercial Certificate Authority, copy the CA-signed certificate to the location specified in container.properties under servletengine.ssl.keystore. |
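A post-copy check, added here as an example and not part of the product documentation: it hashes the required files from both tables on the source proxy and reports any destination copy that is missing or different. The destination host names, access through the C$ administrative share, and the -Keystore parameter are assumptions.

```powershell
# Added example, not vendor code. Run on the configured source proxy with
# administrative rights. Host names and C$ share access are assumptions.
param(
    [string[]]$Destinations = @('proxy2.example.com', 'proxy3.example.com'),  # hypothetical
    # Default self-signed keystore; pass the path of your CA-signed .jks/.p12/.pfx instead.
    [string]$Keystore = 'C:\Program Files\Attachmate\FileXpress\Gateway\TransferServer\etc\servletcontainer.jks'
)

$sshDir = 'C:\ProgramData\Attachmate\RSecureServer'
$tsDir  = 'C:\Program Files\Attachmate\FileXpress\Gateway\TransferServer'

# Required files as listed in the two tables on this page.
$required = @(
    "$sshDir\rsshd_config.xml"
    "$sshDir\RSITDatabase"
    "$sshDir\RSITDatabase.sec"
    "$sshDir\trustedWebService.cer"
    "$sshDir\hostkey"
    "$sshDir\hostkey.pub"
    "$tsDir\conf\container.properties"
    "$tsDir\etc\trustedWebService.cer"
    $Keystore
)

# Hash the source copies once. Only hashes are compared; no key material is printed.
$srcHash = @{}
foreach ($path in $required) {
    $srcHash[$path] = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
}

$results = foreach ($server in $Destinations) {
    foreach ($path in $required) {
        # Map C:\dir\file to \\server\C$\dir\file.
        $remote = '\\{0}\{1}' -f $server, ($path -replace '^([A-Za-z]):', '$1$$')
        if (-not (Test-Path -LiteralPath $remote)) {
            $status = 'Missing'
        } elseif ((Get-FileHash -LiteralPath $remote -Algorithm SHA256).Hash -ne $srcHash[$path]) {
            $status = 'Differs'
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{ Server = $server; File = $path; Status = $status }
    }
}

$results | Format-Table -AutoSize
# A non-zero exit code signals drift, e.g. after Activate and verify was clicked on one proxy.
if (@($results | Where-Object Status -ne 'OK').Count -gt 0) { exit 1 }
```

Rerun the check after any change saved in the FileXpress Secure Shell Proxy console, since rsshd_config.xml must then be redistributed.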