Admin Manual
This document is aimed at administrators who are about to set up accsyn for first-time use and configure the software further.
For further documentation and resources: support.accsyn.com.
What is accsyn?
accsyn is a SaaS (Software as a Service) MFT (Managed File Transfer) solution for secure and fast delivery of large file packages with metadata across your organization over the Internet or a private WAN. It is a replacement for outdated, insecure file services like FTP/WWW delivery, and uses an algorithm similar to *nix RSYNC. accsyn is designed to be easily integrated into your workflow using a Python API and/or CLI and/or . Go to accsyn.com for a complete description of accsyn features. The name accsyn is shorthand for Secure Accelerated Data Synchronisation.
How does it work?
accsyn is in its simplest form a Java software client that sends a package of files and metadata from point A to B, over the Internet or VPN WAN using an encrypted RSYNC compliant protocol, orchestrated by a cloud software component and its web application interface.
Files reside on root shares, which are the file areas on your premises that accsyn is allowed to send files to and from.
Terminology
accsyn Cloud backend app; The part of the software running in the cloud, scheduling transfer jobs. Each customer has its own isolated backend instance and database which are totally separated from other customers.
accsyn daemon app; The Java application installed at your file server, or another computer with direct access to the network share/disk that data is to be copied to and from. Can also be installed at a remote office - "site" for office-to-office sync, or by a user for a more stable experience. This is also called the "server" in file transfer context.
accsyn desktop app; (Or simply the "accsyn app") The Java desktop app, available on PC, MAC and Linux, run by Accsyn users for downloading and uploading files to your organization. This is also called the "client" in file transfer context.
accsyn server TCP ports; The data ports used by processes, usually in the range 45190-45210 plus one or more low (<1024) ports. They need to be forwarded to the server running on your premises, and allowed to reach the Internet/corporate WAN IP on the client side.
accsyn server proxy; A server running in a DMZ or in the cloud acting as a file staging area, for either faster intercontinental delivery of files using Google/Amazon/Azure or for high security corporate LANs that would not allow ports being forwarded to the internal server but rather to a server in DMZ zone.
accsyn network proxy; Have a server also act as a network proxy for accsyn clients/API endpoints not having Internet access.
ACL; Access Control Lists - defining which subdirectories on a given share a user has access to.
Compute app; A Python wrapper script defining and executing an accsyn compute app in a render farm/compute setup.
Domain/Organization; Your company, possessing an accsyn license. Identified by a unique short domain name and a full length descriptive name (For example: "acmefilm"/"Acme Film Productions").
Download; The term for initiating a file transfer from a server to a client.
Dropoff; Term used for uploading a file or directory without browsing a destination - to a default share and directory.
Hook; A configurable application to be run when a job has reached a certain state, allows for advanced workflow features.
HQ(headquarters); A term used to identify your main office site where your central storage available to accsyn is located.
Job; A transfer package of one or more files/directories(tasks) to be sent from a client to server or server to client. May involve multiple servers on the organization side. A job can carry custom metadata stored as JSON.
Local site; The pre-existing reserved "local" site, used to point at a single workstation, typically VPN connected, with local root share mappings. Makes it easy to push/pull files to satellite employees.
Metadata; A JSON dict that can be attached to all entities of accsyn, merged together and supplied when hooks are run.
Process; Temporarily spawned instances of the accsyn app, one running at server and one running at client, initiated to copy a list of files/folders from one computer to another, utilising the accsyn fast file copy TCP protocol.
Pull; The term for sending files from a site server back to hq main server, paths mirrored.
Push; The term for sending files from hq main server to a site server, paths mirrored.
Queue; A container for jobs that can have a priority number assigned [1..1000]. Three queues (low@prio 1, medium@prio 500 & high@999) are always created initially. New jobs are submitted to the "medium" queue by default.
Server; The computer serving a share (configurable). The computer serving the default share is also running configured job hook scripts. Needs to have the TCP port range (default: 45190-45210) forwarded from gateway in order to be reachable from the Internet/remote network.
Root share; The network share/disk at your premises which accsyn users can get access to. Identified by a code (For example "nas" or "projects") and at least one absolute path prefix assigned (For example "/Volumes/RAID" or "\\server\data"). At least one share must be the default share(configurable), this is where A) files get uploaded by default if no share specified as destination B) user home shares are created by default.
Share; A share is a subfolder beneath a root share that can be given read and write access to clients, using ACLs. It can also be abbreviated "workspace" or "workarea" and is suitable for giving a set of users a collaborative space to upload to and download from.
Share path prefix; The leading part of a path for a file residing on a share. (For example: "/Volumes/nas", "P:" or "\\10.10.10.1\raid").
Site; A site is a remote office, having its own infrastructure. A site is typically connected to the main office through VPN, dedicated Internet connection or by other means. The site being the "main" site is designated your main premises and is named "hq" by default; all clients are assigned to the hq site unless otherwise stated. A server can be installed and assigned to serve a root share for a given site, allowing transfers to/from main office servers to a site server.
Transfer; The term for sending a package between two endpoints, not necessarily the main hq server involved. Currently accsyn supports transfers between sites.
Upload; The term for sending a file from a client to hq server.
User/username; An accsyn account identified by an E-mail address. (For example: "john@mail.com"). Three different user roles are defined: admins (full access+invite employees), employees (full access to root shares+invite clients) and clients (access to ACL defined shares only & home share).
Preparing your infrastructure
Schematics
The graphic shows what a typical accsyn setup looks like; it is very similar to a standard FTP server scenario:
Minimum requirements
A computer with at least 1GB RAM running Windows Vista or later, Mac OS X 10.7 or later (For detailed requirements, see: https://www.oracle.com/technetwork/java/javase/config-417990.html).
An Internet connection allowing outgoing traffic on port 443 TCP (HTTPS) and incoming traffic at standard port range 45190-45210 TCP (ASC - Accsyn fast Secure Copy protocol) plus at least one low port - for compatibility with user restricted networks.
Direct or networked access to storage with read and write permission to at least one directory.
Locating a computer for serving files
accsyn relies on having at least one "server" installed - the background daemon app that can operate within your network premises, serving files to external clients. Depending on your internal security routines and the way you plan to send files, you can either install the accsyn server directly on your fileserver or on a staging server (i.e. current FTP server) on a separate network / demilitarised zone.
Note: We also provide other options to host the storage for you in the cloud, if you have limited or no possibility to install the server within your current network premises.
Security considerations
accsyn differs from other file server software solutions such as FTP/WWW/RSYNC in the sense that no process is listening for incoming network connections 24/7 on your local network. A permanently listening process is in itself a vulnerability and puts your data at risk. Instead, accsyn launches the server party process only during a transfer, with a built-in firewall that is locked to the remote WAN IP only, not accepting any connections except the encrypted stream from the remote server/client.
Another important aspect is user management and logins; no passwords are stored in the application itself, users pick their own password that needs to be known by no one but the user.
No files are stored in the cloud, only metadata such as filenames, directory paths and file sizes. Files sent through web browser are streamed from server and never stored on cloud disk storage during transfer.
Access to shares is defined by roles and ACLs for granularity; a transfer job cannot be submitted to accsyn without a thorough run through ACLs. After that point a transfer package is locked and obscured at both ends using UUIDs.
GDPR; accsyn does not need to store any personal data except your E-mail address, name and a log of access events used to track your account activities for security reasons. This personal data is stored in your database only and is not shared by any means to other third party vendors.
For an in-depth breakdown of accsyn internal security, find articles here: support.accsyn.com.
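The statement above that no accsyn process listens permanently can be checked on the server itself. The following is an added example, not part of accsyn: it scans `ss -H -tln` output for listeners in the default data port range 45190-45210 or on the low port configured at your site. The function names and the sample input are constructed for this illustration, and port 80 is a placeholder for your own low port.

```shell
#!/bin/sh
# Added example: find TCP listeners on accsyn data ports in `ss -H -tln` output.
# Function names are this example's own, not part of accsyn.

# Read `ss -H -tln` lines on stdin; print "port address" for every listener
# in the default accsyn range 45190-45210 or on a low port given as argument.
accsyn_listeners() {
    awk -v extra="$*" '
        BEGIN { n = split(extra, e, " "); for (i = 1; i <= n; i++) low[e[i]] = 1 }
        $1 == "LISTEN" {
            k = split($4, part, ":")          # the port follows the last colon
            p = part[k]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if ((p + 0 >= 45190 && p + 0 <= 45210) || (p in low))
                print p, addr
        }'
}

# Exit status 0 when no accsyn data port is listening, 1 otherwise.
# Run it while no transfer is active: a listener during a transfer is expected.
idle_exposure() {
    ie_found=$(accsyn_listeners "$@")
    if [ -z "$ie_found" ]; then
        return 0
    fi
    printf '%s\n' "$ie_found"
    return 1
}

demo() {
    # Constructed sample of `ss -H -tln` output; 80 is a placeholder low port.
    sample='LISTEN 0 128 0.0.0.0:22    0.0.0.0:*
LISTEN 0 50  *:45195       *:*
LISTEN 0 50  [::]:80       [::]:*'
    printf '%s\n' "$sample" | idle_exposure 80 || echo "listeners found while idle"
}
demo

# On a real server: ss -H -tln | idle_exposure <your-low-port>
```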
Setting up accsyn for first time use
Initiating the 30 days free trial
accsyn comes with an initial free 30 days trial having no limitations on usage or features. After the end of the trial period you will have to decide on a subscription agreement to receive your permanent license. To set up your own accsyn follow this link:
Notes:
Trial installation data is preserved when converting to a licensed instance, with no reconfiguration of servers/clients needed.
Make sure you are running a certified web browser: Chrome (recommended), Firefox, Edge, Opera, Safari or Internet Explorer 9+
The setup phase is self-explanatory and well aided in your web browser, from here on we add additional help and guidelines to the process.
Registering for accsyn
All logins in accsyn are E-mail addresses, choose a proper E-mail address for your admin account when signing up for the trial. This E-mail will be your future login for managing accsyn invoices and other communication with accsyn staff.
Note: If you need to switch E-mail down the line, reach out to us and we will assist you in the process.
Setup step 1 - Choosing a domain name and boot up your instance
This first step boots up your private accsyn domain/instance in the cloud and makes it ready to be setup.
You as a customer are identified by your unique domain, which builds the address to your accsyn: "https://<domain>.accsyn.com". The domain name can only contain letters a-z and numbers 0-9 and should be fairly short to make it easy to type in your web browser.
IMPORTANT NOTE: The domain name cannot be changed afterwards; you will have to set up a new domain and request a license & database transfer in case you need another name.
As a complement to the domain name, you can also set a full human readable name that will be used instead of the domain name within the software. You give this name at the end of the setup process.
Setup step 2 - Installing the accsyn server background daemon on main site
The second step aids you in installing the daemon app on a machine attached to storage, for serving your files. Links to the server installer are displayed in web app install wizard, otherwise they can be figured out based on your domain:
WINDOWS
https://<yourdomain>.accsyn.com/app/accsyn-daemon-win64.exe
MAC
https://<yourdomain>.accsyn.com/app/accsyn-daemon-macosx.dmg
LINUX
https://<yourdomain>.accsyn.com/app/accsyn-daemon-unix.sh
Download and run the installer for your operating system/platform.
By default, the daemon will run as the default LocalSystem account (Windows) / root (*NIX). User account can be changed during installation, as well as umask on *NIX systems.
Installation troubleshooting
WINDOWS
Java comes bundled with the Windows installer, there is no need to install Java in advance.
Windows Defender or other antivirus software might block the installer, telling you the application is unrecognised; solve this by clicking the Run Anyway button or More info > Run Anyway (Windows Defender), or temporarily pause the antivirus software during installation.
(Custom service user) The service user account you choose must be granted the Log on as a service right in order to start the service. Log on as administrator, go to Administrative Tools>Local Security Policy>Local Policy>User Rights Assignment and add the user to the 'Log on as a service' group.
MAC
The .dmg will appear as a mounted disk image. Run the installer within.
Java comes bundled with the Mac installer, there is no need to install Java in advance.
A dialog appears telling you that the developer cannot be verified; fix this by locating the downloaded DMG in Finder > Right click "accsyn Daemon Installer" within > Click "Open".
(Catalina+) GateKeeper/sandboxd might deny accsyn access to certain disks and folders; fix this by opening System Preferences>Security & Privacy, go to Privacy tab>Full Disk Access and add the "/bin/sh" binary to the list. Make sure the checkbox is checked.
(Catalina+) In some cases, GateKeeper within Mac OS X might still reject accsyn. Try removing the quarantine extended attribute from the launchers: sudo xattr -r -d com.apple.quarantine /Applications/Accsyn.
The default system user accsyn Daemon will run as might not have read access to disks/storage mounted as another user, to remedy this - change the user Accsyn Daemon is running as. See Administering the accsyn Background Daemon App below.
LINUX
The installer relies on Java being present at the host, as Java is not bundled with installer:
RHEL/CentOS 7 and earlier: sudo yum install java-1.8.0-openjdk-headless
RHEL/CentOS 8 or later: dnf install java-17-openjdk-headless
Ubuntu: sudo apt-get install -y default-jre-headless
openSUSE: sudo zypper --non-interactive install java-1_8_0-openjdk-headless
The installer needs execute permission; run chmod 755 accsyn-daemon-unix.sh to fix permissions and then retry the installer launch.
Enter the PIN number given in the web app setup wizard to authenticate yourself using email and password. Configure an optional username to run the daemon as, and on Unix systems, the umask.
Troubleshooting:
If the server is already installed, it will ask to upgrade instead. Make sure to uninstall previously installed servers before you proceed - only one accsyn server can be installed at the same time. To choose another user or change umask (Mac/Linux), you will need to reinstall the accsyn daemon and it will ask if you want to do a clean install (erase configuration) or not.
If you have problems validating the PIN try reloading your web browser - a new PIN will be generated, otherwise reach out to accsyn support to get assistance.
You can re-install/relocate the server later and even install more servers serving other root shares. You can have up to 256 servers installed at the same time.
Setup step 3 - Configure firewall
The third step assists you in opening up and forwarding the required ports in your firewall to enable accsyn fast transfer copy TCP protocol over the Internet.
Note: If you intend to run transfers over LAN/VPN only, this step can be skipped.
The NAT port forwards are required for utilising fast file transfers to and from your premises, without storing any files in the cloud. If you have no possibility of forwarding ports you can either step back and only use the web browser transfer functionality, or set up a proxy server in the cloud or at another premise to enable a 2-step haul of files to your premises. Please contact accsyn support to get assistance setting up such a proxy solution.
Setup step 4 - Browse root share
The fourth step is where you browse to the folder on server which should be accessible to accsyn - the root share. accsyn has to be able to at least read the volume, preferably read+write in order to fully function.
Notes:
You can edit the root share afterwards and relocate to another directory or server.
Multiple root shares can be present, but only one can be the default where hooks are run and user home shares are created (see below).
Files created will have permissions dictated by the running environment of the daemon background operating system process. See below for directives on how to change system user and apply a umask (*NIX).
Setup step 5 - Finish up
Here you finish setup with a few more inputs:
Define where home shares should be created, defaults to "accsyn" folder directly beneath root share. You can turn off creation of home shares to only have users receive packages and not be able to upload back to your organization.
Set your own name for organisation (optional). If not entered, the domain name will be used. Can be changed afterwards.
After you have finished up you are directed to the user admin pages; the next step would be to invite users to your accsyn so they can start transferring files. A quick recap on clearance levels/roles so that you do not hand out the wrong files and directories to remote users by accident:
Admins; are allowed to administrate accsyn and upload/download without restriction from root share(s).
Employees; are allowed to invite users, send packages to users and upload/download without restriction from root share(s).
Restricted users (default clearance); users that only get access to packages you send to them and shares you give explicit access to through ACLs.
Installing accsyn desktop app
The desktop app is where you submit and monitor accsyn transfer jobs. Links to the desktop installer should have been mailed to you/org admin E-mail account; they can also be found at https://accsyn.com > Download section.
You can also find them at https://<yourdomain>.accsyn.com/ and go to "APP" section or they can be figured out based on your domain:
Mac:
https://<yourdomain>.accsyn.com/app/accsyn-macosx.dmg
Windows:
https://<yourdomain>.accsyn.com/app/accsyn-win64.exe
Linux:
https://<yourdomain>.accsyn.com/app/accsyn-unix.sh
https://<yourdomain>.accsyn.com/app/accsyn-<version>.x86_64.rpm
https://<yourdomain>.accsyn.com/app/accsyn_<version>_all.deb
Notes:
The desktop app is designed to be used by users/clients with the goal to easily present status about ongoing file/metadata transfers, it does not provide a fully fledged admin interface. accsyn is configured using the web admin pages or accsyn Command Line Interface (CLI).
See daemon app troubleshooting above if you run into operating system specific issues.
Please direct your employees and clients to have a look at the accsyn User Manual to get started using the Accsyn desktop app.
Administering the accsyn background daemon app
Administrating accsyn background service on Mac
Controlling daemon:
sudo launchctl start com.accsyn.daemon
sudo launchctl stop com.accsyn.daemon
Daemon config location: /Library/LaunchDaemons/com.accsyn.daemon.plist
Location of log files (troubleshooting): /var/log/accsyn
accsyn daemon config location: /Library/Preferences/com.accsyn/
Change user that server process will run as
Reinstall accsyn and choose user (uninstall followed by an install). Configuration will be preserved if you choose not to erase it.
The user can also be changed manually without reinstall:
Open a terminal and become root.
Stop and unload accsyndaemon: sudo launchctl stop com.accsyn.daemon && sudo launchctl unload /Library/LaunchDaemons/com.accsyn.daemon.plist
Edit /Library/LaunchDaemons/com.accsyn.daemon.plist and add the UserName key, see example below.
Make sure user has permission to write to folders /var/log/accsyn and /Library/Preferences/com.accsyn
Load and start daemon again: sudo launchctl load /Library/LaunchDaemons/com.accsyn.daemon.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.accsyn.daemon</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Accsyn/accsyndaemon</string>
<string>start-launchd</string>
</array>
<key>KeepAlive</key>
<false/>
<key>RunAtLoad</key>
<true/>
<key>UserName</key>
<string>theusername</string>
</dict>
</plist>
Example launchctl configuration for running accsyn daemon in user space.
Note: If you have been running accsyn service elevated and switch to a non-elevated user, you will need to open up permissions on these folders: /var/log/accsyn, /Library/Preferences/com.accsyn, /tmp/.accsyn
Administrating accsyn background daemon on Linux
Controlling daemon:
sudo systemctl stop accsyndaemon
sudo systemctl start accsyndaemon
Controlling daemon on older systems (systemctl not available):
sudo service accsyndaemon start
sudo service accsyndaemon stop
Location of log files (troubleshooting): /var/log/accsyn
Service config location: /etc/systemd/system/accsyndaemon.service (/etc/init.d/accsyndaemon on older systems)
Change user that server process will run as
To change the user the daemon runs as, or the umask, reinstall accsyn (uninstall followed by an install). Configuration will be preserved if you choose not to erase it. This can also be done manually by editing /etc/systemd/system/accsyndaemon.service and changing the User key, followed by a restart:
[Unit]
Description=AccsynDaemon
Before=multi-user.target graphical.target
After=network-online.target remote-fs.target time-sync.target
Wants=network-online.target
[Service]
Type=simple
ExecStart="/usr/local/accsyn/accsyndaemon" start-launchd
User=myuseraccount
SuccessExitStatus=0 143
KillMode=process
[Install]
WantedBy=multi-user.target graphical.target
Example systemd configuration for running accsyn daemon in user space.
Note: If you have been running accsyn service elevated and switch to a non-elevated user, you will need to open up permissions on these folders: /etc/accsyn, /var/lib/accsyn and /tmp/.accsyn.
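One way to check the result of switching to a non-elevated user, as an added example that is not part of accsyn: it reads the User key from a systemd unit file and reports, for each folder named in the note above, whether it is missing, a symlink, owned by a different account or world-writable. The function names are this example's own, and the demo runs on a constructed temporary tree rather than the real paths.

```shell
#!/bin/sh
# Added example: audit a non-root accsyn daemon setup on Linux.
# Function names are this example's own, not part of accsyn.

# Print the effective User= of the [Service] section (empty = runs as root).
unit_user() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^User[ \t]*=/ {
            sub(/^User[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); user = $0
        }
        END { print user }
    ' "$1"
}

# Classify one folder: ok | missing | symlink | wrong-owner | world-writable.
# Ownership matters most for /tmp/.accsyn: a predictable path under /tmp can
# be created by any local account before the daemon gets to it.
dir_state() {
    ds_dir=$1; ds_user=$2
    if [ -L "$ds_dir" ]; then echo symlink; return 0; fi
    if [ ! -d "$ds_dir" ]; then echo missing; return 0; fi
    ds_owner=$(ls -ld "$ds_dir" | awk '{ print $3 }')
    if [ "$ds_owner" != "$ds_user" ]; then
        echo wrong-owner
    elif [ -n "$(find "$ds_dir" -maxdepth 0 -perm -0002)" ]; then
        echo world-writable
    else
        echo ok
    fi
}

# Report every folder; exit status 1 if any of them is not "ok".
audit_dirs() {
    ad_user=$1; shift
    ad_rc=0
    for ad_dir in "$@"; do
        ad_state=$(dir_state "$ad_dir" "$ad_user")
        echo "$ad_dir: $ad_state"
        [ "$ad_state" = ok ] || ad_rc=1
    done
    return "$ad_rc"
}

# Fail if the unit still runs as root, otherwise audit the folders.
audit_daemon() {
    au_unit=$1; shift
    [ -r "$au_unit" ] || { echo "cannot read $au_unit"; return 1; }
    au_user=$(unit_user "$au_unit")
    case $au_user in
        ''|root|0) echo "$au_unit: daemon runs as root"; return 1 ;;
    esac
    audit_dirs "$au_user" "$@"
}

demo() {
    d=$(mktemp -d) || return 0
    # Constructed unit file mirroring the example on this page.
    printf '%s\n' '[Unit]' 'Description=AccsynDaemon' '[Service]' \
        'Type=simple' 'User=myuseraccount' > "$d/accsyndaemon.service"
    mkdir "$d/log" "$d/tmp"; chmod 750 "$d/log"; chmod 777 "$d/tmp"
    echo "unit user: $(unit_user "$d/accsyndaemon.service")"
    audit_dirs "$(ls -ld "$d" | awk '{ print $3 }')" "$d/log" "$d/tmp" || true
    rm -rf "$d"
}
demo

# On a real host:
#   audit_daemon /etc/systemd/system/accsyndaemon.service \
#       /etc/accsyn /var/lib/accsyn /tmp/.accsyn /var/log/accsyn
```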
Enabling low port file transfers
To be able to have server bind to a port < 1024, permission needs to be granted in the operating system. Launch a terminal as root and run:
setcap 'cap_net_bind_service=+ep' /usr/lib/jvm/jre/bin/java
Note: the Java path might be different based on your Linux distribution, find out the executable path by running "ps aux" while accsyn daemon is running.
Combined with running as a standard non privileged user account, Java can refuse to start with this error:
/usr/lib/jvm/jre/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
If that is the case, add the libjli location as a trusted runtime loader path by creating /etc/ld.so.conf.d/java.conf with the content:
[JRE_HOME]/lib/amd64/jli
Then restart the machine to have configuration take effect.
Administrating accsyn background service on Windows
Controlling service (GUI):
Open Services through Control Panel or Task Manager.
Locate the "accsyndaemon" service.
Right click and run start/stop commands.
To change the user daemon is running as, reinstall accsyn (uninstall followed by an install). Configuration will be preserved if you choose not to erase it.
Controlling service (DOS prompt, elevated):
sc stop accsyndaemon
sc start accsyndaemon
Location of log files (troubleshooting): C:\ProgramData\accsyn\log
accsyn daemon config location: C:\ProgramData\accsyn
Note: If you have been running accsyn service elevated and switch to a non-elevated user, you will need to open up permissions on the C:\ProgramData\accsyn folder.
Background watchdog
accsyn also installs a watchdog that checks the daemon every 5 min and restarts it if it has not responded. The watchdog also restarts the daemon upon a remotely initiated update, if the daemon is configured to run as a different user than the default.
To disable this behaviour, set environment variable ACCSYN_DISABLE_WATCHDOG=1. You can also uninstall the watchdog using the CLI (as root/elevated): "accsyn daemon check_uninstall".
Updating accsyn
A major update to accsyn, one that requires all instances/clients to be re-installed and breaks backward compatibility, is called a major version upgrade, for example going from version 3.x to 4.x. This upgrade action will be planned together with you as the domain admins, with the built-in safety that clients will be warned and forced to upgrade directly when launching the desktop app.
Note: Before doing an upgrade, older versions will be saved and can be restored if upgrade fails.
Minor updates and bug fixes are deployed regularly and announced by E-mail after they complete, including changelog and links to updated installers, for example updating from v2.1 to v2.2.
IMPORTANT NOTE: Not all accsyn domains necessarily run the exact same version; your instance might be ahead or behind in version. It is important that you download and use the installers from your accsyn domain so you can be 100% sure the different apps work well together. We are striving towards having a generic communication protocol that is software version agnostic, but in order to be able to evolve the software and maintain security and performance, we regularly need to rewrite algorithms and therefore a major upgrade is required.
Updating your daemon through admin pages
Login to web application (<domain>.accsyn.com) as an admin.
Go to ADMIN>SERVERS.
Locate the server and edit it (double click).
Click [UPDATE ACCSYN] to initiate the update.
Updating your desktop app
Open and logon to your app.
Go to your prefs (gear icon in upper right corner).
Click [Upgrade Accsyn] and follow the instructions.
Downloading installers
Use the links above beneath section "Installing the accsyn background daemon".
Log on to the web application and go to the GET APP section; there you will find links to the installers.
Cloud database and backups
The accsyn underlying database is backed up every night at 3.00pm and can be restored on request. A backup of the database is also taken prior to upgrade and will be restored if an update is rolled back.
Note: No passwords or other user personal data is stored in the database/cloud instance. accsyn utilises Auth0 which is GDPR compliant.
Configuring accsyn using web application
The preferred and easiest way to administer accsyn is through your web browser; this can be done from any computer having an Internet connection running any of these web browsers:
Chrome (recommended)
Firefox
Edge
Opera
Safari
Internet Explorer 9+
Logging in and accessing admin pages
Open your web browser and go to your accsyn @ https://<domain>.accsyn.com and login with an admin account.
Go to the admin section by clicking the ADMIN link in the upper left corner or the [ADMIN] button at the bottom of the TRANSFERS view.
Note: Employees can view configuration but make no changes.
Admin dashboard
The admin dashboard shows a summary of your accsyn, with relevant data such as:
The latest shared directories.
The root shares and the employees/admins having access to those.
Your license status.
Manage users
(ADMIN>USERS)
accsyn users are identified by their E-mail address and they choose their own password. accsyn as of v1 supports user roles, separated into the following three (3) clearance groups:
Admin; Are allowed to administrate accsyn, and upload/download without restrictions from any share (including root shares).
Employee; Are allowed to upload/download without restrictions from any share (including root shares).
User (default); Are only allowed to access shares (not root shares) given explicit permission through ACLs (Access Control Lists).
It is up to you how you plan your users and shares; keep in mind these basic rules as of v1:
Administrators and Employees have full access to all types of shares.
Users only have access to their home share and other standard shares that you have given them access to by creating ACLs.
If you are unsure whether to invite someone as an employee or not, be safe and invite them as a user. You can instead create a standard share @ topmost root share level, giving you the possibility to narrow the permissions for a user later down the line.
Invite new user
Note: The E-mail cannot be changed afterwards; to rename a user account you will have to delete the previous user and invite again.
Click [INVITE USER] in lower right corner (or [INVITE] in TRANSFERS view).
Enter the user's E-mail and click [NEXT]. accsyn will check if the user is already registered with accsyn for another organization or is new.
Choose the clearance, leave this at default (User) unless you are about to invite an Employee (have unrestricted access to all shares) or an Administrator (have clearance to administer accsyn).
(Optional) Enter a message that user will get with the invitation E-mail.
Click [INVITE] to send invitation.
The process from here differs if user(E-mail) is known to accsyn or not.
New user:
User will receive an activation E-mail where they have to click a link to activate their account using the accsyn web app - choosing a password.
When the user has activated their account they will be joined and a user home share is created (if setting enabled, see below). A join E-mail confirmation is sent to the user with download links to the desktop app.
Known user:
User will be joined to your accsyn and receive a join E-mail confirmation with download links to the desktop app.
Self invite
If setting user_enable_self_invite beneath ADMIN>SETTINGS>User is enabled(default), users are allowed to register and request to join accsyn:
The user opens https://<yourdomain>.accsyn.com in their browser and clicks [ JOIN ].
They enter their E-mail address and click [ NEXT ].
(New accsyn user) They can enter their name (optional), and then they click [ REGISTER ]. An activation E-mail will be sent out; they follow the activation link mailed out and activate their account. After that, the process proceeds at step 5 below.
(Existing accsyn user) They will be asked to enter their password and then click [ JOIN ].
An E-mail will be sent out to administrators (default, change the recipients beneath SETTINGS>Mail>requestjoin) asking to approve or deny request. The user can also be approved/denied by editing user beneath USERS admin section.
(Approves) User will receive their join confirmation E-mail and are ready to go. Administrators(default, change the recipients beneath SETTINGS>Mail>joined) will be notified by E-mail on the action taken.
(Denies) User will be notified that their request was denied; after that the user will be DELETED from accsyn - they will have to request again later. Administrators (default, change the recipients beneath SETTINGS>Mail>joined) will be notified by E-mail on the action taken.
Auto join
If setting user_enable_auto_join beneath ADMIN>SETTINGS>User is enabled(NOT by default), user will be joined immediately:
The user opens https://<yourdomain>.accsyn.com in their browser and clicks [ JOIN ].
They enter their E-mail address and click [ NEXT ].
(New accsyn user) They can enter their name (optional), and then they click [ REGISTER ]. An activation E-mail will be sent out; they follow the activation link mailed out and activate their account. After that, the process proceeds at step 5 below.
(Existing accsyn user) They will be asked to enter their password and then click [ JOIN ].
User will receive their join confirmation E-mail and are ready to go. Administrators(default, change the recipients beneath SETTINGS>Mail>joined) will be notified by E-mail on the new join.
How does accsyn store passwords?
No passwords are stored in accsyn / in the backend; we use the external SOC2 compliant service Auth0 (auth0.com) for user profile data. This means if the accsyn internal data storage is compromised, no credentials (passwords or API KEYs) can leak.
User listing
The user list is grouped by clearance: "Administrators", "Employees" and "Users". If there are any pending users, they will be listed beneath "Pending".
To filter the users/search, enter text in "Search users" field on top of page.
To sort users, click on the column headers. Click multiple times to change sorting direction.
Email; The user's login.
Name; The user's name, set by the user themselves within their profile. Used instead of E-mail in communication where possible.
Logged in; Shows last date user logged in.
Enable; Shows if user is enabled or not and also provides a quick way to change user status, see Quick enable/disable below.
User action buttons, see below;
Quick enable/disable
A user can be quickly enabled/disabled by clicking the checkbox in enable column.
Note: if a user is disabled - all their sessions will be logged out and they cannot log in again until you enable them.
Report user
To get a printable detailed report for a user, click the report (black document icon) button on user. The report will include detailed information about user, including a log with recent activities.
Edit user
Click on the edit (blue pen icon) button on user to bring up the user editor. Here you can:
Change the clearance of user.
Change the queue a user is to be bound to when they submit transfer jobs.
Enable/disable a user.
(Pending user) Resend activation Email or Approve/Deny join request.
Share directory with user.
Delete user.
Give user access to directory
Important note: Valid for users only, employees & admins are given free access to all shares.
Click on the blue [+ ACCESS ] button on user or double-click user to bring up the ACL (Access Control List) editor. This option is also available from shares (See Manage Shares below).
The current directories/ACLs shared are listed at the left hand side:
Delete ACL, click on the red trashcan button.
User; The E-mail of user having access.
Path; Shows the path broken up in three parts: 1) The root share path 2) The share path relative root directory 3) The subdirectory relative to share. Hover a row to see the full path.
Read; (mandatory) Checkbox showing read permission. Read permission cannot be unset, instead delete the ACL entry.
Write; Checkbox where you can enable/disable write access.
Created; The date the ACL entry was created.
On the right hand side a file browser is displayed, enabling you to add an ACL - grant access to a subdirectory on a share to a user:
Select the share to give user access to (hidden when managing shares).
Select the subdirectory. If it does not exist, you can create it using the tool buttons on top of the file browser.
Path; The path you selected. You can also type the relative subdirectory path if the directory structure is not created yet. Use '/' to point out root level access.
Read; (Mandatory) Give user read(download) access.
Write; (Optional) Give user write(upload) access.
Finally add the ACL by clicking [+ ACCESS].
Notes:
Users will have to reload their file browser to see new accessible shares and directories.
You cannot block out write access by adding an ACL on a subdirectory if the parent directory has write access.
If the directory does not exist, it will be created on upload. It will still be listed as if it exists on the client end, so users can walk down to the writeable subdirectory in their file browser.
The latest shared directories are listed on dashboard, for your overview.
Manage shares
(ADMIN>SHARES)
accsyn has three(3) types of shares built in:
Root share; This is the topmost folder accsyn is allowed to access on a server, typically your FTP disk volume or network share. You can have multiple root shares, and root shares can be set up at a remote site, allowing mirrored path jobs in order to keep a remote office in sync/run backup.
User home share; This is a subdirectory beneath a root share where a user has default access (this behaviour can be turned off from SETTINGS>User).
Standard share; Also called a work area, is similar to the user home share - a subdirectory beneath a root share where one or more users can collaborate - upload/download.
It is up to you how you plan your users and shares; keep in mind these basic rules as of v1:
Administrators and Employees have full access to all types of shares.
Users only have access to their home share and other standard shares that you have given them access to by creating ACLs.
If you are unsure whether to invite an employee or not, be safe and invite a user. You can instead create a standard share @ topmost root share level, giving you the possibility to narrow the permissions for a user later down the line.
Delete a user
Delete a user by clicking the red trashcan button on the user. The user cannot have any active jobs in order for this to work, so make sure to abort jobs before you attempt this.
Note: Deleting a user will erase any user home shares and ACLs, this cannot be undone!
Create new root share
(Administrators only)
Prerequisites:
Make sure the server that should serve the root share is online and has the accsyn ports forwarded in order to enable Internet clients to reach it during transfer. See Manage Servers below for more information.
Make sure the volume is mounted and accessible by the process running accsyn server.
Click on [+ CREATE ROOT SHARE] button in lower right corner - at bottom of ADMIN>SHARES listing.
A file browser is presented: A) Select the server in the SERVER dropdown. B) Beneath VOLUMES, choose location. If not listed, click [ + ADD PATH ] to add another directory to listing - for example a Windows UNC network path. C) (Optional) Choose the subdirectory for root share. Click [+ NEXT ] when you are done.
Server; Click the [ .. ] button to browse again for server & root share folder.
Windows path; (Optional) Enter the path root share has on Windows, helps accsyn understand if a file is coming from root share or not when being sent by accsyn.
Windows VPN path; (Optional) Enter the path root share has on Windows when accessed over VPN, helps accsyn understand if a file is coming from remote root share or not when being sent by accsyn.
MAC path; (Optional) Enter the path root share has on Mac, helps accsyn understand if a file is coming from root share or not when being sent by accsyn.
MAC VPN path; (Optional) Enter the path root share has on MAC when accessed over VPN, helps accsyn understand if a file is coming from remote root share or not when being sent by Accsyn.
Linux path; (Optional) Enter the path root share has on Linux/Unix, helps accsyn understand if a file is coming from root share or not when being sent by accsyn.
Linux VPN path; (Optional) Enter the path root share has on Linux/Unix when accessed over VPN, helps accsyn understand if a file is coming from remote root share or not when being sent by accsyn.
Share name; Enter name of root share, can only contain letters a-z 0-9 _ - and has to be unique - cannot be named as another share/user/site.
Default; Set root share to default, meaning that automatically created home shares will be created on this one (if enabled beneath SETTINGS>USER>share_auto_create_home_shares) and the server serving this share will also run server side hooks. One root share must be the default in your setup for accsyn to function properly.
Site servers; (If you have sites defined, see Manage Sites for more information) Define which servers should serve the share on your different sites.
Enable share; Tells whether the root share should be enabled or disabled. Jobs can still be submitted to disabled root shares (or a share beneath the root share) but they will not run until the root share is enabled again.
Note: Root share settings can be modified after it has been created.
Create user home/standard share
(Requires a root share to be present)
In shares listing, click [ + CREATE SHARE AT '..'] beneath the root share that share should be created.
A file browser is presented: A) Select the root share. B) Choose the subdirectory for share, or leave as is and share will be created at topmost ('/') level of root share. Click [+ NEXT ] when you are done.
Type; Choose type of share - Standard share or User home share.
User; (home share) Select the user home share is for.
Queue; (Optional) Select the queue jobs from users should be put into instead of the default queue. (See Manage Queues below).
Share name; Enter name of root share, can only contain letters a-z 0-9 _ - @ (@ only allowed for home shares) and has to be unique - cannot be named as another share/user/site. If user home share, this option will be forced to be the same as the user login (E-mail).
Enable share; Tells whether the share should be enabled or disabled. Jobs can still be submitted to disabled shares but they will not run until the share is enabled again.
Note: Share settings can be modified after it has been created.
Share listing
Shares are listed hierarchically with root shares and their shares beneath.
Root shares:
Root share name(code); Shows the unique name of root share. ("code" name of attribute when working with CLI /API)
Status; Displays status of root share: "enabled" - functions normally, "disabled" - share is disabled, "offline" - share is not online.
Paths; Displays the path(s) the root share has @ different platforms.
Default; Shows if root share is enabled or not.
Server; Shows which computer is the server for the share. See Manage Servers below.
Site servers; Shows which computer(s) are serving the share at your sites.
Share action buttons, see below;
Shares beneath root shares:
Share name(code); The unique name of share.
Status; Displays status of root share: "enabled" - functions normally, "disabled" - share is disabled.
Path; The path to share, relative its root share. Hover the share to see full path in tooltip.
Created; The date the share was created.
Share action buttons, see below;
Report share
To get a printable detailed report for a (root) share, click the report (black document icon) button on share. The report will include detailed information about share, including a log with recent messages related to shares.
Edit a root share
Click on the edit (blue pen icon) button on root share to bring up the root share editor.
The options are same as described above @ Create new root share.
File transfer section:
Here you can override global domain file transfer settings for a root share. See Manage Settings>File Transfer below for a description of these settings.
Mail section:
Here you can complement global domain mail settings for a root share. See Manage Settings>Mail below for a description of these settings.
Edit a user home or standard share
Click on the edit (blue pen icon) button on share to bring up the share editor.
The options are same as described above @ Create new user home/standard share.
Mail:
Here you can override global domain mail settings for a root share. See Manage settings below for a description of these settings.
Give users access to directory on share
Important note: Valid for users only, employees & admins are given free access to all shares.
Click on the blue [+ Share ] button on share or double-click share to bring up the ACL (Access Control List) editor. This option is also available from users (See Manage Users above).
The current directories/ACLs shared are listed at the left hand side:
Delete ACL, click on the red trashcan button.
User; The E-mail of user having access.
Path; Shows the path broken up in three parts: 1) The root share path 2) The share path relative root directory 3) The subdirectory relative to share. Hover a row to see the full path.
Read; (mandatory) Checkbox showing read permission. Read permission cannot be unset, instead delete the ACL entry.
Write; Checkbox where you can enable/disable write access.
Created; The date the ACL entry was created.
On the right hand side a file browser is displayed, enabling you to add an ACL - grant access to a subdirectory on a share to a user:
Select the share to give user access to (hidden when managing shares).
Select the subdirectory. If it does not exist, you can create it using the tool buttons on top of the file browser.
Path; The path you selected. You can also type the relative subdirectory path if the directory structure is not created yet. Use '/' to point out root level access.
Select a user; Choose the user that should be granted access to specified subdirectory.
Read; (Mandatory) Give user read(download) access.
Write; (Optional) Give user write(upload) access.
Finally add the ACL by clicking [+ ACCESS].
Notes:
Users will have to reload their file browser to see new accessible shares and directories.
You cannot block out write access by adding an ACL on a subdirectory if the parent directory has write access.
If the directory does not exist, it will be created on upload. It will still be listed as if it exists on the client end, so users can walk down to the writeable subdirectory in their file browser.
The latest shared directories are listed on dashboard, for your overview.
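The access rules from this section and from "Give user access to directory" above, modelled as an added Python example (not accsyn's own code): every ACL grants read, write carries down from a parent directory, and employees and admins bypass ACLs. The Acl class, the clearance strings and the sample entries are constructed for illustration.

```python
from dataclasses import dataclass

# Model names for the "Administrators" and "Employees" clearances (assumption).
FULL_ACCESS_CLEARANCES = {"admin", "employee"}


@dataclass(frozen=True)
class Acl:
    user: str            # E-mail of the user having access
    share: str           # share name (code)
    path: str            # subdirectory relative to the share, '/' = root level
    write: bool = False  # read is mandatory, so only write is optional


def split_path(path):
    """Normalise a share-relative path into a tuple of segments; reject '..'."""
    parts = [p for p in path.replace("\\", "/").split("/") if p not in ("", ".")]
    if ".." in parts:
        raise ValueError(f"path escapes the share: {path!r}")
    return tuple(parts)


def covers(acl_path, target):
    """True when target is the ACL directory itself or lies beneath it."""
    base = split_path(acl_path)
    return target[: len(base)] == base


def effective_access(acls, clearance, user, share, path):
    """Return (read, write) for one user on one share-relative path."""
    if clearance in FULL_ACCESS_CLEARANCES:
        return (True, True)
    target = split_path(path)
    read = write = False
    for acl in acls:
        if acl.user == user and acl.share == share and covers(acl.path, target):
            read = True                 # every ACL entry grants read
            write = write or acl.write  # write on a parent carries down
    return (read, write)


def ineffective_read_only(acls):
    """List read-only ACLs that sit beneath a writable ACL of the same user and share.

    Such entries look like a restriction in the ACL list but restrict nothing.
    Returns (read_only_acl, writable_parent_acl) pairs.
    """
    flagged = []
    for acl in acls:
        if acl.write:
            continue
        target = split_path(acl.path)
        for parent in acls:
            if (parent is not acl and parent.write and parent.user == acl.user
                    and parent.share == acl.share and covers(parent.path, target)):
                flagged.append((acl, parent))
                break
    return flagged


# Constructed sample ACL list.
SAMPLE_ACLS = [
    Acl("john@user.com", "projects", "/", write=True),
    Acl("john@user.com", "projects", "myproj/references"),
    Acl("anna@user.com", "projects", "myproj/114"),
]

if __name__ == "__main__":
    print(effective_access(SAMPLE_ACLS, "user", "john@user.com", "projects",
                           "myproj/references/open_window.jpg"))
    for acl, parent in ineffective_read_only(SAMPLE_ACLS):
        print(f"{acl.user}: read-only ACL on {acl.path!r} is overridden by "
              f"write access on {parent.path!r}")
```

To take write access away from a subdirectory, the writable ACL on the parent has to be replaced by narrower ACLs; running a check like `ineffective_read_only` over an export of the ACL list finds the entries where that was not done.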
Delete share
Delete a (root) share by clicking the red trashcan button on share, no jobs using share can be active - abort these to proceed.
Note: Deleting a share cannot be undone, this will also delete related ACLs and if root share - all shares beneath root share.
Manage sites
(ADMIN>SITES)
A site is a remote location where a server is running and, possibly, desktop apps (clients). A site is intended to give you the opportunity to sync directories to a local site server, where they are worked on before being sent back to main premises (hq).
accsyn comes shipped with two built-in sites:
Headquarters("hq"); This is the default site that all servers and clients are assigned to.
Local("local"); This is a special site that a client (launched by an employee/admin) can be assigned to, denoting a local workstation that has a local mapping of root share(s) and usually has a VPN connection.
accsyn makes it easy to send files between sites from desktop app:
"Push"; Download a set of files from hq to a site, with mirrored paths.
"Pull"; Upload a set of files from a site back to hq, with mirrored paths.
"Transfer"; Transfer a file package from one site to another, with mirrored paths.
For this to work, you have to install a server at the site (unless it is a local site, then the client will become the actual server) and configure the server to serve root share(s) as needed.
Create a site
Click [ + CREATE SITE ] in lower right corner.
Site name(code); The name of site, must be unique - cannot be same as share, user or another site. It also cannot have the reserved name "local".
Description; The description of site.
Enable site; Enable or disable site, jobs can still be submitted to disabled sites but they will not start transfer until site is enabled again.
Click [ CREATE ] in lower right corner to create the site.
Site listing
Name(code); The unique name of the site. ("code" is the name of this attribute when working with CLI/API).
Status; Enabled or disabled.
Main; Tells if site is the default or not.
Servers; Shows which computers serve share(s) @ site. The serving can be changed by editing the root share, see Managing Shares above.
Description; Displays the site description.
Site action buttons; see below.
Report site
To get a printable detailed report for a site, click the report (black document icon) button on site. The report will include detailed information about site, including a log with recent messages related to site.
Edit a site
Click on the edit (blue pen icon) button on site to bring up the site editor.
The options are same as described above @ Create a site.
Delete a site
Delete a site by clicking the red trashcan button on site, no transfer jobs can be active while a site is deleted - make sure to abort jobs before you attempt this.
Note: This cannot be undone!
Manage queues
(ADMIN>QUEUES)
A queue is a container for transfer jobs, with each job having a queue order starting with 0 as the topmost index, 1 as the second job in queue and so on.
Paused/failed jobs have no queue index, they are re-inserted at bottom of queue when retried.
Each queue has a priority relative to other queues, which is an integer number ranging from 1-1000:
1000 (Panic); The highest priority.
999; High priority.
500; Medium priority.
1; Low priority.
accsyn comes shipped with three(3) queues by default:
"High" @ priority 999.
"Medium" @ priority 500, the default queue for all new jobs.
"Low" @ priority 1.
Create a queue
Click on [ CREATE QUEUE ] in lower right corner.
Queue name(code); The unique queue name, must contain letters a-z 0-9 . _ - only and must be unique - cannot have the same name as another queue.
Priority; the priority queue should have, see definitions above.
Default; Tells if this queue should be the default queue for new transfer jobs that do not have a queue constraint.
Click [ CREATE ] to have the queue created.
Queue listing
Name(code); The name of the queue ("code" is the name of this attribute when working with CLI/API)
Status; The status of the queue, either "enabled" or "disabled" - when disabled, all jobs beneath the queue will be put on hold.
Priority; The priority of queue.
Default; Tells if queue is default or not.
Description; The queue description.
Queue action buttons; see below.
Report queue
To get a printable detailed report for a queue, click the report (black document icon) button on queue. The report will include detailed information about queue, including a log with recent messages related to queue.
Edit a queue
Click on the edit (blue pen icon) button on queue to bring up the queue editor.
Edit section:
These options are same as described above @ Create a queue.
File transfer section:
Speed limit; Set a speed limit for the queue, in the unit of MB/s - MegaBytes per second.
The rest of the settings override global domain & global file transfer settings for a queue. See Manage Settings>File Transfer below for a description of these settings.
Mail section:
Here you can complement global domain & share mail settings for a root share. See Manage Settings>Mail below for a description of these settings.
Hooks section:
Here you can add additional hooks that should be run for all jobs beneath this queue. See Manage Settings>Hooks below for a description of these settings.
Delete a queue
Delete a queue by clicking the red trashcan button on queue; any jobs residing in the queue will be moved to the default queue. If no other queue exists, queue deletion will fail.
Note: This cannot be undone!
Manage servers
(ADMIN>SERVERS)
A server is an accsyn application that runs in the background with the purpose to serve a root share and run hooks.
For accsyn to function properly, you will need at least one server installed unless you are running a 100% cloud proxy solution where the only server is in the cloud. See below.
What does the server do - is it safe to install?
The server runs in the background as a service/daemon and regularly checks back with your accsyn domain/backend using REST calls over https. The following rules apply:
No process listens on any port in idle mode - this makes intrusion attempts impossible.
File operations (list directory, create dir, etcetera) are initiated by your accsyn domain/backend and validated against ACLs before executed.
Only hooks configured in accsyn are executed, there is no functionality in the accsyn server to execute foreign code of any kind.
When a file transfer operation is ongoing, accsyn server spawns a separate process listening @ one of the WAN ports configured below. This process has a built in software firewall that only accepts incoming connections from the remote WAN (or overridden local) IP.
All transfers are encrypted from the beginning - no handshake protocols are performed to establish the remote party identity; AES encryption keys are transported over the REST https channel and are never stored permanently, logged or visible in the process listing within the operating system.
Can multiple servers be installed on a site?
Yes, if you have multiple file servers or for another reason need to have more than one computer involved in file transfers, you can install a site server for a specific subset of root shares.
Install a new server
Click [ + INSTALL SERVER ] in lower right corner. Site servers can also be installed from the link on each site (ADMIN/SITES).
Choose the type of server; Select if it is going to be a main server that serves a new root share on main site or a site server serving an existing root share @ remote site.
Authenticate; Download and run the installer at the server, enter the PIN code and finish the installation. See Installing the accsyn server above for details regarding server installations. After this step the server is up and running, and if you abort, you will have to uninstall the server to completely remove the installation.
(Main server only) Configure firewall; Choose and test ports that you need to NAT forward to server in order to have remote clients reach it and transfer files. Skip this step if you want to configure this later or only run traffic over local LAN using override IPs. Site server does not generally need ports forwarded, only if you intend to transfer files between sites and no IP overrides (See Edit server below) exists. In that case you will need to add port forwards to both site servers as any of the servers can take on the file serving party.
Site; (Site server only) Choose the site server is at.
Description; (Optional) Give server a description.
Enable; Enable or disable a server. Jobs can still be submitted involving a disabled server or client, but transfer will not start until server/client at both endpoints are enabled.
WAN IP; The configured WAN IP, if not overridden it will say Auto detect and accsyn will attempt to reach the server using the detected WAN IP (based on incoming REST calls from the server app).
WAN ports; The configured WAN ports remote accsyn clients/servers should use when attempting to connect to the WAN IP. Default is 45190-45209.
Reconfigure; Go back and reconfigure the WAN IP and WAN ports, this can be done later during server edit.
Override IP:s; Here you can redirect traffic that accsyn otherwise would attempt over Internet/WAN/LAN by teaching accsyn alternative local IP:s. This is suitable if you have for example two servers on a local LAN that should reach each other directly, or a dedicated VPN between two sites or between a site and a client/workstation. To add an override: A) Remote client/server; Select the other party B) Remote IP; enter the IP the remote client/server has C) Server IP: enter the IP this server should have in the conversation D) Click [ + ADD ]. To remove an override, click the red trashcan button at the entry in the list.
To finalise the installation - save settings, click [ FINISH INSTALLATION].
Server listing
Hostname(code); The hostname of client, detected by accsyn at launch and might change if changed locally.
Status; The status of server: "online" - operational, "disabled" - transfers blocked, "offline" - turned off/not running/can't reach Internet, "offline-disable" - transfers blocked and offline.
Site; The site server is at, default is "hq" - your main premises.
Serving; The root share(s) server is serving. Change this by editing the root share.
OS; The operating system server is running.
Last checkin; The date the server was last seen.
Version; The version of accsyn running at server.
Description; Description of server.
Server action buttons; see below.
Report server
To get a printable detailed report for a server, click the report (black document icon) button on server. The report will include detailed information about server, including a log with recent messages related to the server.
Edit a server
Click on the edit (blue pen icon) button on server to bring up the server editor.
The settings are the same as presented above during server installation, with a few extra options:
Server version; The version Accsyn has detected server is running. Current version is the version of accsyn server/client currently deployed within your Accsyn domain. Click [ UPDATE ACCSYN] to initiate a remote update of server, this helps keeping Accsyn up to date with latest security patches/features.
Delete a server
Delete a server by clicking the red trashcan button on server, deletion can only be done for offline servers - turn off the server/stop the service or daemon and wait a couple of minutes and the delete option will appear.
Note: This cannot be undone!
Manage clients
(ADMIN>CLIENTS)
Very similar to server area, you can list all clients within your accsyn domain. A client is an installed desktop app or CLI, capable of transferring files.
Note: Python API endpoints or web browser sessions are not included here.
By default, clients spawned by users (non employees/admins) are hidden, show these by selecting Include user clients option.
Report client
To get a printable detailed report for a client, click the report (black document icon) button on client. The report will include detailed information about client, including a log with recent messages related to the client.
Edit a client
Click on the edit (blue pen icon) button on client to bring up the client editor.
Site; Change the site client is at. Choose "local" to point out a workstation that should be treated as a standalone site - be available for push/pull/transfer operations.
Enable; Enable or disable the client.
Delete a client
Delete a client by clicking the red trashcan button on client, deletion can only be done for offline clients - turn off the client and wait a couple of minutes and the delete option will appear.
Note: This cannot be undone!
Manage settings
(ADMIN>SETTINGS)
With settings you can fine tune the behaviour of Accsyn - customise it to your needs.
Note: Many settings can be overridden on users, shares, queues and so on. It will be stated clearly within this admin section which these are and how they blend together.
The settings are explained in a blue box right next to them; the internal name is listed to the right together with an orange factory reset button. The factory default settings are listed @ Appendix A below.
You can revert settings back to where they were before you started editing by clicking the [ REVERT ] button in lower left corner. Reloading the web application/browser will have the same effect.
From here on we will not describe the settings as they already have descriptions inline; we will instead describe how to configure different desired behaviours.
SECURITY SETTINGS
Account lockout
Protect your accsyn from potential malicious behaviour when it comes to password guessing - lock out accounts having repeatedly failed to authorise.
USER SETTINGS
Enable users to make a request to join accsyn
By default, accsyn enables new users to see the [ JOIN ] button during login. Here they can activate an account (choose password) and, depending on the user_enable_auto_join setting, either make a request to join or be joined directly. Change this behaviour by disabling the user_enable_self_invite setting.
Enable users to join your accsyn automatically
If both user_enable_self_invite and user_enable_auto_join are set, users will join directly as soon as they have activated their account. This feature makes it easy to just tell users that need to upload stuff to go to <yourdomain>.accsyn.com and service themselves (if share_auto_create_user_shares is enabled, otherwise a user home share won't be created and the user will have to wait to be shared a directory or sent a package).
Changing the time an invite is active until it expires
By default, an invite is active for 7 days. If the user has not activated their account, or you have not taken action upon the join request, the account will be deleted and the user has to be invited again. Change this grace period by altering the user_join_expire setting.
SHARE SETTINGS
Have directories created for shares
By default accsyn creates folders on disk for newly created shares (not root shares; if their folder is missing it is interpreted as an error and the share is treated with "offline" status). Change this behaviour by unchecking the share_conf/create_share_directories setting. If the directory could not be created, a log entry is made on the share - view it by running a report on the share.
Have date directories created on dropoff
By default accsyn creates a folder in first writable home share folder for user uploads that do not have a destination path. Turn it off by unchecking share_conf/user_dropoff_date_directory_enable setting. Change the format/name of folder by altering share_conf/user_dropoff_date_directory_format setting.
Automatically create home shares for new users
By default, accsyn leaves new users with a place to upload files right after they have joined. With the share_auto_create_user_shares setting checked, accsyn attempts to create a home share for the user at the share/folder pointed out by the share_conf/user_share_directory setting. By default, accsyn creates these beneath the default root share in an "accsyn" subfolder. Click on the [ .. ] button to browse for a new location.
Configure transmit directory
By configuring the share_conf/user_transmit_directory setting, files transmitted to a user will be put beneath one or more subfolders @ remote user home share readable path.
FILE TRANSFER SETTINGS
Note: These settings can also be set on a root share and on a queue, enabling you to create different transfer scenarios within accsyn.
Exclude *.tmp files during all transfers
Add line "*.tmp" to transfer_exclude setting and all files ending with .tmp will be excluded from transfer. Add one entry per line if you need to exclude further files.
Preserve permissions
accsyn by default does not attempt to preserve ownership or permissions during transfer (between two Unix/Posix operating systems). To change this behaviour, head to transfer_attributes setting and tick boxes Owner, Group and/or Permissions.
WEB TRANSFER SETTINGS
Web transfers include all file transfers performed through a web browser and have the following limitations:
Max 5 GB file size.
Only single files can be downloaded, multiple files/mixed content will be ZIP:ed.
MAIL SETTINGS
Here you can define who will receive E-mails upon different events, in general all administrators get E-mail by default. Change this behaviour by removing administrators group and add other recipients.
Note: If you add user or external E-mails, less information will be included in E-mails to preserve integrity.
Additional mail settings can be overridden at share and queue level, and also be provided during transfer job submit. The following rules apply:
Global E-mail enable (email_conf/enable); Disables all E-mail notifications. Disable on share, queue or job level overrides enable on levels above/global setting.
Disable of specific event; Disables all E-mail notifications for that event. Disable on share, queue or job level overrides enable on levels above/global setting.
TO; Will add the E-mail recipient (group or E-mail) to the entries defined in levels below (share, queue, job).
EXCLUDE; Will exclude this E-mail from the E-mails included on all levels, not only the level where it is defined.
Only E-mailing a specific account for all jobs in a queue
For example, if a queue should not E-mail administrators and instead E-mail an external account - put Administrators @ EXCLUDE and add the remote E-mail @ TO for desired events at queue.
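An added example (not accsyn code) that models the precedence rules above: a disable on any level silences the event, TO entries accumulate across levels, and EXCLUDE removes a recipient wherever it was added. The dictionary layout and the event name "job_done" are assumptions made for the illustration.

```python
LEVELS = ("global", "share", "queue", "job")  # broadest level first


def trace_recipients(settings, event):
    """Walk the levels and record where each recipient was added or excluded.

    settings maps a level name to a dict (hypothetical layout):
      {"enable": bool,
       "events": {event: {"enable": bool, "to": [...], "exclude": [...]}}}
    A missing key means "not set on this level".
    Returns (disabled_at, added, excluded); disabled_at is a level name or None.
    """
    added, excluded = {}, {}
    for level in LEVELS:
        conf = settings.get(level, {})
        ev = conf.get("events", {}).get(event, {})
        # A disable on any level overrides an enable on the other levels.
        if conf.get("enable") is False or ev.get("enable") is False:
            return level, added, excluded
        for recipient in ev.get("to", []):
            added.setdefault(recipient.lower(), level)
        for recipient in ev.get("exclude", []):
            excluded.setdefault(recipient.lower(), level)
    return None, added, excluded


def resolve_recipients(settings, event):
    """Final recipient list (groups or E-mails) for one event, in the order added."""
    disabled_at, added, excluded = trace_recipients(settings, event)
    if disabled_at is not None:
        return []
    # EXCLUDE applies to entries from every level, not only its own.
    return [r for r in added if r not in excluded]


# Constructed sample: the queue scenario described in the text.
SAMPLE_SETTINGS = {
    "global": {"enable": True,
               "events": {"job_done": {"to": ["Administrators"]}}},
    "queue": {"events": {"job_done": {"exclude": ["Administrators"],
                                      "to": ["vendor@example.com"]}}},
}

if __name__ == "__main__":
    print(resolve_recipients(SAMPLE_SETTINGS, "job_done"))
    disabled_at, added, excluded = trace_recipients(SAMPLE_SETTINGS, "job_done")
    for recipient, level in added.items():
        state = f"excluded at {excluded[recipient]}" if recipient in excluded else "kept"
        print(f"{recipient}: added at {level}, {state}")
```

The trace is useful when reviewing who receives job notifications: an external address added on a queue or job shows up with the level that introduced it.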
HOOKS SETTINGS
Hooks are where you can define scripts to be run on different events, they are defined in section Hooks below.
PUBLISH SETTINGS
Here you can enable the publish workflow, allowing remote subcontractors to validate and submit work done into your production database.
All the aspects of publishing are covered in this tutorial: https://support.accsyn.com/tutorial-publish-workflow.
UI SETTINGS
The UI settings affect the presentation of the desktop app and web interface.
MISC SETTINGS
I want to change the location where accsyn stores temporary ZIP:s for web transfer
Simply browse a new location beneath job_compress_tmp_directory setting.
Note: This will not affect ongoing compress tasks.
Resources
A resource is a file that can be uploaded and used for various functions, for example customising the UI with your own logotype.
Using the Command Line Interface(CLI)
Jobs
To list active jobs:
accsyn job find
Create a new job:
accsyn job create <source path 1> <source path 2> .. <destination path>
Giving an example:
accsyn job create share=volume1/dataset001 site=berlin
This copies the entire folder "dataset001" on share "volume1" to remote site "berlin", mirroring paths.
Create a new job with job data provided in JSON file:
accsyn job create /path/to/job.json
where the job JSON has the form:
{
"status":"waiting",
"code":"myproj outsourcing bid 2018.03.12 Batch01",
"description":"Batch01 for bidding",
"queue":"medium",
"tasks":{
"0":{
"source":"myorg:/projects/myproj/114/290/lfm_114_290.jpg",
"destination":"john@user.com:projects/myproj/114/290/lfm_114_290.jpg"
},
"1":{
"source":"myorg:/projects/myproj/references/open_window.jpg",
"destination":"john@user.com:myproj/references/open_window.jpg"
}
}
}
Transfer job JSON syntax
Please refer to the accsyn transfer job best practices and specification:
Configuring accsyn using the Command Line Interface (CLI)
To get up and running, configure your terminal environment with the following environment variables:
ACCSYN_DOMAIN=<yourdomain>
ACCSYN_API_USER=<your account E-mail>
And optionally, to avoid needing to enter your password every time you invoke the CLI, set this temporary variable:
ACCSYN_API_KEY=<secret API key>
Note: Your API key can be obtained from the desktop app @ prefs section, consider it as your own personal password - do not share with anyone else.
As a good CLI test, and also a common way to figure out problems with your accsyn config, generate a full report of your installation:
Windows;
"C:\Program Files\AccSyn\accsyn.exe" domain report
Mac;
/Applications/AccSyn\accsyn domain report
Linux;
/usr/local/accsyn/accsyn domain report
The CLI has thorough built-in documentation, run with "--help" flag to get help about available commands, and their subcommands.
The following configuration instructions assume a fresh install of accsyn, with no previous configuration made.
Users
To list/report active users:
accsyn user find
accsyn user report <E-mail or ID>
To invite a new user to accsyn:
accsyn user invite <E-mail>
Note: User will only have access to their default share created beneath <default share>/accsyn/<e-mail>/. Use the "acl" command below to give further access to shares.
This will invite a user having the default "client" clearance. To invite an employee or admin, with a message, invoke:
accsyn user invite --clearance employee|admin --message "..my message to user.." <E-mail>
To disable a user:
accsyn user disable <E-mail or ID>
To enable a disabled user:
accsyn user enable <E-mail or ID>
To delete a user:
accsyn user delete <E-mail or ID>
Root shares
The first step would be to create a "root share" - a folder on your network storage that should be used by accsyn for sending and receiving files, serving as a root for subsequent child shares for users:
accsyn share create --code Projects --path_mac /Volumes/Projects --path_windows P:
Notes:
If no other share exists, this root share will also be set as the default share.
Shares and sites must be unique and cannot share the same names(code).
Verify that it has been properly created by listing available shares:
accsyn share find
Tip: Add a query to list a specific share: "accsyn share find ee6d4bbe-441a-4a8d-a60b-e78da59bcef7"
or get a detailed report:
accsyn share report Projects
Next we need to assign a computer(client) that should serve the share. We assume you have installed the accsyn server
accsyn share edit --server <hostname> <share code or ID>
Note: If another computer was serving the share, it will be de-assigned.
To delete a share, and its child shares :
accsyn share delete <share code or ID>
Note: Share must not be the default or be involved in any active jobs.
When at least one root share has been established, admins and employees can start transferring files to/from it. To share subfolders with clients, you will need to create a standard share (previously called a child share). See "shares" section below.
Clients
A client in accsyn is a running instance of the application, either on server or as a desktop app.
Note: With CLI/API, servers and clients are the same, differentiated by their type.
To list/report registered client(s):
accsyn client find
accsyn client report <client hostname(code) or id>
Note: Clients should be identified by their ID; using the hostname (code) can be ambiguous, as two computers might have the same hostname.
To temporarily disable a client:
accsyn client edit --status disable <client hostname(code) or ID>
Note: A disabled client will not perform any file transfers; this means jobs involving shares (& workareas) served by the client will not run.
To enable a client again:
accsyn client edit --status enable <client hostname or ID>
Define IP overrides for servers.
accsyn client edit --override_ip <remote client hostname or id>=<remote IP>{:<local IP>} <server hostname or ID>
This tells the remote client to connect to this server using the local IP, and the server will only accept incoming connections from the remote IP. Configure this when you want to divert traffic over a separate LAN instead of over WAN (Internet). Multiple statements can be given, separated by commas (,).
To remove an override IP, use 0.0.0.0 as remote IP:
accsyn client edit --override_ip <remote client hostname or id>=0.0.0.0 <server hostname or ID>
Note: Configuring an override IP also turns off encryption for transfers between these two clients (see the Encryption section).
To delete an obsolete client:
accsyn client delete <client hostname or ID>
Note: Client must be offline and not involved in any active jobs.
Shares
A share can be compared to a shared FTP folder - only designated users are allowed to access a share, with permissions defined by ACLs - Access Control Lists.
Note: Employees are allowed full access to all shares regardless of ACLs.
Whenever a user is created/invited, a user share is created by default - the "Home" folder within the GUI desktop app. This is so that all users have a well-defined location for uploading material, and for employees to put files that the user should be able to access. User shares are managed by accsyn and cannot be altered; to prevent user access, disable the user.
To list/report registered shares:
accsyn share find
accsyn share report <share code or id>
To create a new share:
accsyn share create --code <code> --parent <root share code or ID> --path <share/relative/folder> {--write_jail subfolder1,..} {--queue uri} {--email email1,email2,..}
code; The code/name of work area, must be unique and only contain letters A-Za-z0-9-_. Reserved codes "all" and E-mail addresses cannot be used.
parent; The code or ID of the root share this share should reside on.
path; The path, relative to the root share, where the share is located.
write_jail; Restrict write access to this folder, even if a user has write access to entire work area. Can be overridden by giving explicit write access to other subfolders. To have multiple write jails, supply a comma(,) separated list.
queue; Restrict jobs submitted involving this share, to a queue, identified by the queue uri.
email; Include these E-mail addresses to job notifications. Comma(,) separated list.
To edit a share:
accsyn share edit {--code <new code>} {--parent <new root share name or ID>} {--path <share/relative/new/folder>} {--write_jail subfolder1,..} {--queue uri} <share code or ID>
To delete a share:
accsyn share delete <share code or ID>
ACLs
An accsyn ACL defines which permissions an entity has on another entity, and is exposed for defining which user(s) have access to which folders beneath a share.
To allow a user to read & write a certain share, issue:
accsyn acl create --ident user:<user E-mail or ID> --target share:<workarea code or ID> {--path <sub directory>} --read true --write true
The --path option is optional, leaving it out will have ACL default to share root path (/).
List ACLs:
accsyn acl find
Note: ACLs have no names(code) and can only be addressed by their unique ID.
Modify ACLs:
accsyn acl edit {--read true|false|1|0} {--write true|false|1|0} {--path <new path>} <ID>
Delete ACLs:
accsyn acl delete <ID>
Queues
Job queues are identified by either their ID or their URI. Queues can be nested, and all queues beneath a parent must have unique codes/names. An example of a queue URI would be "ProjectX/high_prio" - a queue named "high_prio" beneath parent queue "ProjectX".
To list/report registered queues:
accsyn queue find
accsyn queue report <queue code or id>
To create a new queue:
accsyn queue create --parent <parent queue uri or ID> --code <queue code> --priority <priority>
Parent; (Optional) URI or ID of the parent queue. If not given, the queue will be created at top most root level.
Name; The name of the queue, may only contain the letters A-Za-z0-9-_.
Priority; (Optional) The priority the queue should have, which is inherited by child queues/jobs. If not given, priority will be inherited from the parent queue. If at root level, priority will fall back to default (500).
To edit a queue:
accsyn queue edit {--parent <parent queue uri or ID>} {--name <queue name>} {--priority <priority>} <queue ID>
To delete a queue:
accsyn queue delete <queue ID>
Note: Jobs in queue will be moved upstream, or to default queue.
Sites
To list/report all registered sites:
accsyn site find
accsyn site report
To create a new site:
accsyn site create --code <site code>
Code; The code/name of the site, may only contain the letters A-Za-z0-9-_.
To edit a site:
accsyn site edit --code <new site code>
To delete a site:
accsyn site delete <site code or ID>
Note: No active jobs can involve site for this to work.
Change accsyn settings using the CLI
Settings are either global on the domain level, or defined for an entity like a queue or a client(server). To list overridden domain settings and settings for specific queue:
accsyn domain setting
accsyn queue setting <queue ID/uri/code>
To show all settings, with inherited values finalised with default values:
accsyn domain setting --upstream
accsyn queue setting --upstream <queue ID/uri/code>
Get a single setting:
accsyn client setting --name proxy_server <client id>
To change a domain and a queue setting:
accsyn domain setting --edit --name my_domain_setting --value "my domain setting value"
accsyn queue setting --edit --name my_queue_setting --value "my queue setting value" <queue ID/uri/code>
To remove a setting:
accsyn queue setting --remove --name my_queue_setting <queue ID>
See Appendix A for a complete listing of available accsyn settings.
Using the accsyn Python API
Please find updated Python API Documentation here: accsyn Python API Documentation
Hooks
Job hooks are commands that are run at different stages of job life cycle. Hooks can be used to:
Check if there is disk space on a share.
Trigger further workflow mechanism such as digital video verification/transcode.
Check naming conventions of files prior to submit.
Hooks can either be pre or post hooks:
Pre; Run before a certain condition is met.
Post; Run after a certain condition is met.
This example shows a "job-post-done-server" hook that will be run on the server whenever a job is done:
/mnt/data/scripts/accsyn_job_post_done_server.sh ${PATH_HOOK_JSON} ${PATH_METADATA_JSON}
Note: "Server" here means the client app serving the default share.
accsyn_job_post_done_server.sh; An executable shell script that can be accessed and executed by the accsyn server process.
${PATH_HOOK_JSON}; Path to a JSON file generated by the client containing information about the job and the tasks/files to be transferred:
{
"hook":"job-post-done-server",
"status":"done",
"size": 7826213,
"user_hr" : "john@acmefilm.com",
"source" : "user:61cd853e44b630d9e10cfb2e",
"destination" : "organization:5a4f720c1da7ee15c5d43aef",
"queue": "5a4f720c0da7ef15c5d43aef",
"queue_hr": "acmefilme/high",
"metadata" : {
"my_metadata_entry":"my_metadata_value"
},
"tasks" : {
"0":{
"destination":"/Volumes/data/proj/source/20180328/A001C001_0315XV.r3d",
"size": 7826213,
"status" : "done",
"metadata" : {"my_task_metadata_entry":"my_task_metadata_value"}
}
}
}
Note: Job *-client hooks, designated to run at the remote client, will have "source" instead of "destination" defined.
${PATH_METADATA_JSON}; (Optional) JSON that will be merged and stored with the existing job metadata.
{
"job_metadata" : {
"my_metadata_entry" : "my_updated_metadata_value"
},
"task_metadata":{
"0":{
"my_task_metadata_entry":"my_updated_task_metadata_value"
}
}
}
The hook should return exit code zero (0) if it executed successfully. If the hook executable is not found or it returns a non-zero exit code, the job will fail and the stdout+stderr output will be viewable in the desktop app for troubleshooting.
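A hook along the lines described above, as an added example (not accsyn's own code): it reads ${PATH_HOOK_JSON}, fails the job when a task path escapes an allowed root or breaks a naming rule, and writes per-task results in the ${PATH_METADATA_JSON} layout. ALLOWED_ROOT, NAME_RULE, the metadata keys and the use of Python instead of a shell script are assumptions, as is the hook being the party that writes the metadata file.

```python
#!/usr/bin/env python3
import json
import posixpath
import re
import sys

# Assumed policy values, not accsyn settings: adjust to your share layout.
ALLOWED_ROOT = "/Volumes/data/proj"
NAME_RULE = re.compile(r"^[A-Za-z0-9_.-]+$")


def check_task(task, allowed_root=ALLOWED_ROOT):
    """Return a list of problems found in one task entry of the hook JSON."""
    # Job *-client hooks carry "source" instead of "destination".
    path = task.get("destination") or task.get("source") or ""
    problems = []
    if task.get("status") != "done":
        problems.append("status is %r, expected 'done'" % task.get("status"))
    # normpath collapses "..", but does not resolve symlinks on disk.
    norm = posixpath.normpath(path)
    root = posixpath.normpath(allowed_root)
    if not posixpath.isabs(norm) or posixpath.commonpath([root, norm]) != root:
        problems.append("path %r is outside %s" % (path, root))
    if not NAME_RULE.match(posixpath.basename(norm)):
        problems.append("file name %r breaks the naming rule" % posixpath.basename(norm))
    return problems


def check_job(hook, allowed_root=ALLOWED_ROOT):
    """Validate every task; return (errors, metadata in the PATH_METADATA_JSON layout)."""
    errors, task_meta = [], {}
    for task_id, task in sorted(hook.get("tasks", {}).items()):
        problems = check_task(task, allowed_root)
        errors += ["task %s: %s" % (task_id, p) for p in problems]
        task_meta[task_id] = {"validation": "failed" if problems else "ok"}
    if not task_meta:
        errors.append("hook JSON contains no tasks")
    metadata = {
        "job_metadata": {"validated_by": hook.get("hook", "unknown")},
        "task_metadata": task_meta,
    }
    return errors, metadata


def main(argv):
    if len(argv) < 2:
        print("usage: hook.py PATH_HOOK_JSON [PATH_METADATA_JSON]", file=sys.stderr)
        return 2
    try:
        with open(argv[1], encoding="utf-8") as fh:
            hook = json.load(fh)
    except (OSError, ValueError) as exc:
        print("cannot read hook JSON: %s" % exc, file=sys.stderr)
        return 2
    errors, metadata = check_job(hook)
    if len(argv) > 2:  # the metadata path is optional
        with open(argv[2], "w", encoding="utf-8") as fh:
            json.dump(metadata, fh)
    for line in errors:
        print(line, file=sys.stderr)  # shown in the desktop app when the job fails
    return 1 if errors else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

File names in the hook JSON originate from whoever submitted the job, so a hook should treat them as untrusted input and avoid interpolating them into a shell command line.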
The following hooks are defined in accsyn:
Configuring hooks using web app (recommended)
For entire domain (global hooks):
Go to ADMIN>SETTINGS>Hooks and enter the full path to script as it resolves on your server or client.
For a queue:
Edit the queue and open Hooks tab.
Configuring hooks using CLI
Hooks are configured as settings on domain (organization) level, on a queue or on a job. To query which hooks are configured globally:
accsyn domain setting find
All settings starting with "hook_" are configured hooks. To configure a hook, configure a setting for it:
accsyn domain setting --set hook_job_post_done_server --value "LINUX:/mnt/workflow/bin/accsyn_job_done.sh ${PATH_JSON},WINDOWS:W:\bin\accsyn_job_done.sh ${PATH_JSON}"
Notes:
The "$" will need to be escaped on *NIX platforms.
The "LINUX:" prefix (optional) denotes the command to run if the platform the server is running on is Linux. Configuring a Windows command line as well allows for server migration from Linux to Windows in this example.
Encryption
accsyn supports the following data encryption algorithms:
AES-128; (default)
AES-256
None
Configure encryption beneath SETTINGS>File transfer admin section @ web application. Encryption can be overridden on share, queue and job levels.
IMPORTANT NOTE: Encryption will be turned off if an override IP is configured at server or client side during transfer. This is default behaviour for accsyn to save bandwidth and CPU usage.
Configuring encryption using web app (recommended)
For entire domain:
Go to ADMIN>SETTINGS>File transfer tab and change transfer_encryption setting accordingly.
For a share:
Edit the share and open File transfer tab and change transfer_encryption setting accordingly.
For a queue:
Edit the queue and open Hooks tab and change transfer_encryption setting accordingly.
Configuring encryption using CLI
To change the current encryption using the CLI:
accsyn domain setting --set transfer_encryption --value aes128
To disable encryption:
accsyn domain setting --set transfer_encryption --value none
To restore encryption to its defaults:
accsyn domain setting --set transfer_encryption --value aes256
Compute
The accsyn compute feature add-on allows executing lengthy tasks with accsyn, such as image transcoding or rendering.
accsyn uses the term "app" to refer to a compute application, which is defined by a Python(v2) wrapper script. Please visit the accsyn Github app repository to find the common app template and various common film industry apps.
To be able to utilise the compute add-on, you either need an active trial license or need to have the add-on enabled within your accsyn domain - please contact support@accsyn.com to have it made available.
Which users can run compute jobs?
Currently, compute submit is limited to employees (& admins) only, as compute jobs involve a lot of share I/O that could have security implications.
Configuring compute using web app
Enable compute
Go to ADMIN>SETTINGS>Compute and check the Enable box and save settings.
Setting up apps
The Apps admin section should now appear. By default, accsyn does not ship with any apps except the built-in file transfer app used by default.
Create the mandatory "common" app:
Start by creating a new app.
Name the app 'common' and copy the code from https://github.com/accsyn/compute-scripts/blob/master/source/common.py.
Publish the common app by clicking [ Publish new ]. The common app provides the base class for all compute apps published from here on.
Repeat the step above to deploy your production apps, (e.g. nuke-13 and so on) for visibility you can give them different colours - entered in rgb format.
Execution servers
Apps are executed on servers, simply install servers as you normally do but do not have them serve any root shares.
In the desktop app GUI, a tab "Farm" should now be visible, showing all servers. The Farm section is where you assign apps to servers and monitor which servers are currently executing apps.
Install each production app (e.g. Nuke 13) and license it on the server. Make sure to restart the accsyn daemon if the installer sets any environment variables that need to be picked up.
To be able to run compute tasks, the server also requires Python (2 or 3) to be installed and present in your current PATH. Again, remember to restart the accsyn daemon to have it pick up the new PATH. Alternatively, you can set ACCSYN_PYTHON_PATH to point to the directory where the python executable is present.
Submitting a compute job using the desktop app
Choose the Render submitter and then drag-n-drop the file to compute onto accsyn. Depending on each app's configuration, different parameters are entered. The desktop app supports parsing of ASCII based file formats for identifying dependencies that might need to be uploaded to the render site if submitting from a remote location.
Note: To support remote render of binary project files, path resolving has to be managed by other means so the compute app can properly execute and find all dependencies.
Submitting a compute job using the Python API
Please refer to the Python API docs.
SOCKS proxy support
The accsyn client (desktop app & daemon) supports standard SOCKS v4/v5, configured in app or supplied as environment variables.
Configure in app
At the login screen, click the "Proxy settings" link to open a dialog where you can enter the hostname or address of your proxy server and its port. The link will have a green check mark when a proxy is configured.
Configure using environment variables
Set the following environment variable for accsyn to pick up at launch:
ACCSYN_PROXY=socks:<hostname or IP>:<port,defaults to 1080 if not supplied>
accsyn acting as a network proxy
An accsyn daemon/server can be configured to act as a network proxy for accsyn clients that need to communicate with accsyn but do not have any Internet access.
Configuring the server
Find out the ID of the client by issuing: accsyn client find.
Configure the port to listen at, 80 in this case:
accsyn client setting --set proxy_server --value 80 <client id>
Configuring the clients/API
Assuming the accsyn server has local IP 10.100.1.1 on the local network (LAN), set the following environment variable:
ACCSYN_PROXY=10.100.1.1:80
or
ACCSYN_PROXY=accsyn:10.100.1.1:80
Unconfiguring the server
To stop the proxy server, remove the setting from client:
accsyn client setting --remove proxy_server <client id>
Troubleshooting
Troubleshooting server installation
First have a look at the log files for clues, most likely it is a misspelled login/API key or organization during setup:
Server daemon location @ Mac:
/var/log/accsyn
Server daemon location @ Windows:
C:\ProgramData\AccSyn\log
Server daemon location @ Linux:
/var/log/accsyn
Try re-installing the server app if the credentials did not work; otherwise reach out to support@accsyn.com and supply the latest log files to get help troubleshooting.
Troubleshooting desktop app installation
First have a look at the log files for clues, most likely it is a misspelled login/API key or organization during setup:
Desktop app log location @ Mac:
~/Library/Logs/accsyn
Desktop app log location @ Windows:
%APPDATA%\accsyn\log
Desktop app log location @ Linux:
~/.accsyn/log
Try re-installing the desktop app; otherwise reach out to support@accsyn.com and supply the latest log files to get help troubleshooting. See Troubleshooting section below for more hints on finding issues with your accsyn installation.
Additional resources
The Manager Guide describes how to manage accsyn on a daily basis - invite users, give access to shares and deliver files.
Direct your users to the User Manual for detailed instructions on how to operate the desktop application and web application.
For troubleshooting file transfers: Transfer Troubleshooting.
APPENDIX A - SETTINGS
The settings are modified through accsyn main web application, which also displays the setting name at left hand side at each setting. A complete list of all Accsyn settings:
Domain/global settings
Client (server) settings:
Job (& queue,task) settings
Note: some of these settings are duplicates of and overrides domain/global settings.
APPENDIX B - ERROR CODES
A complete listing of all accsyn error codes can be found here:
APPENDIX C - WARNING CODES
A complete listing of all accsyn warning codes can be found here: