Installing Onehub Enterprise

Onehub Enterprise is a secure le sharing application that you can deploy in

your companys infrastructure. Based upon the same technologies used by the
onehub.com service, it can be used when company policies, ITAR or HIPAA
regulations preclude using a public cloud solution.
Onehub Enterprise is provided to customers in the form of one or more Virtual
Appliance images, and is licensed on a yearly basis.
VERSION 1.1 - JANUARY 10, 2013
Copyright 2012 Onehub Page 1 of 18
Requirements 3
Supported Virtual Machine Environments 3
Supported Network Environments 3
Disk Storage 3
Installation 4
1. Download the virtual appliance 4
2. Start the Virtual Appliance 4
3. Congure the Virtual Appliance using the Web Interface 5
4. Provision the Code File 7
5. Verify and Launch Onehub Enterprise 8
6. Applying the license 9
7. Log in to Onehub Enterprise as Administrator 9
Administration 10
Accessing the Admin Page 10
Creating Accounts 11
Troubleshooting 11
Verify Service Operation 11
Frequently Asked Questions 11
Conguring LDAP User Authentication 12
Adding an LDAP Conguration 12
Upgrading 15
Upgrading the Virtual Appliance 15
Expanding the size of the Data Volume 16
Additional Information 18
Ports used by Onehub Enterprise 18
Onehub Enterprise
Copyright 2012 Onehub Page 2 of 18
Requirements
! A virtual machine environment
! A computer with at least 4GB of memory
! Appropriate free disk storage (a minimum of 80Gb is recommended)
! A local area network
! A DNS or DHCP server somewhere on the LAN
! An email gateway or server on the LAN
Supported Virtual Machine Environments
The virtual appliance image is supplied in the .ova format. These instructions assume that one
of these environments has been installed.
! VMware Workstation, ESX, etc. (vmware.com)
! VMware Fusion (vmware.com)
! Oracle VirtualBox (virtualbox.org)
Supported Network Environments
Onehub Enterprise works in static or dynamic (DHCP) IP addressing environments. TCP Ports
443 and 80, at minimum, are required to use Onehub Enterprise. Port 80 (http) is only
answered to redirect clients to use port 443 (https).
Disk Storage
Onehub Enterprise takes advantage of storage exibility inherent in a virtualized environment.
Files are stored on the le system of the virtual appliance. The virtual appliance can be
managed via the host virtual environment to accommodate whatever backup and scaling is
necessary.
Onehub Enterprise
Copyright 2012 Onehub Page 3 of 18
Installation
1. Download the virtual appliance
Please contact Onehub for a link to the latest virtual appliance le(s). This le name will have a
le extension of .deb
2. Start the Virtual Appliance
Using the .ova le, start the virtual appliance in your virtual environment. Note that you may
receive warnings about devices that are unavailable in your particular machine environment;
you can ignore these messages.
After a startup sequence, the following screen should be displayed:
Note the setup URL, and default username and password.
Onehub Enterprise
Copyright 2012 Onehub Page 4 of 18
Upon initial startup, the virtual appliance attempts to obtain an address using DHCP. That
address is displayed in the startup screen. If DHCP is unavailable,
Networking can be congured manually.
The character-console network conguration is for initial conguration, only, so that
conguration can continue using the web interface. Please see below for conguration of
host name, domain name, name servers, etc. All setup beyond basic networking should be
done using the web console.
To continue with conguration using the web interface, visit the Setup URL (as displayed on the
screen) with a web browser in this example, the setup URL is http://192.168.1.131/setup.
The default setup password can be used to gain access to this page. This is displayed after the
Virtual Appliance has nished starting up, as noted above.
3. Congure the Virtual Appliance using the Web Interface
The web interface provides tabs for Dashboard, Settings, and Code. Congure settings by
clicking on the Settings tab.
The Settings page is used to congure the basic operation of Onehub Enterprise. After
changes are made on this page, they should be saved by pressing the SAVE button at the
bottom of the page. After the settings are saved, there will be a brief delay as they are applied.
While all settings on this page are important, the administrator account security credentials,
hostname, domain name, and name server IP addresses are the most important settings to
change on this page.
ADMINISTRATOR ACCOUNT
The Administrator Account is used to provision application accounts & users, congure
services, etc. In an AD/LDAP environment, it is the one account that can log in without using
AD/LDAP authentication. Its important that this account is kept secure, with a strong
password.
Onehub Enterprise
Copyright 2012 Onehub Page 5 of 18
SSH
Authorized Keys - To enable terminal login via SSH on port 22, supply one or more public
SSH keys. For more information on this topic, please refer to https://help.ubuntu.com/
community/SSH/OpenSSH/Keys.
NETWORK
Hostname The hostname is used to name the server on the network. The Onehub Enterprise
URL will be https://<hostname>.<domain name>, so care should be taken in choosing the
hostname. This hostname should match the SSL certicate (see below).
Domain name The domain name eld will be used to congure the Onehub Enterprise Virtual
Appliance web server on the network, and used for name server resolution.
Primary and Secondary Name Servers The IP addresses of name servers available to
resolve hostnames on your local network should be supplied.
TIME
Primary and Secondary NTP Servers The hostnames of network time protocol servers
should be lled in (the defaults may be appropriate for you if they are accessible from your
LAN). Certain security calculations rely on the time of the Onehub Virtual Appliance to be
substantially similar to the time of any client connecting to it.
SSL
Public and Private Key
Clients connecting to the Onehub Virtual Appliance use SSL over port 443; you should supply
an SSL public and private key corresponding to the Onehub virtual appliances host name,
otherwise client browsers will show an untrusted certicate warning.
The SSL certicate may be obtained from a commercial vendor (such as Verisign, Go Daddy,
Thawte, etc.), or with appropriate conguration of client trust settings, be used with a self-
signed certicate.
Onehub Enterprise
Copyright 2012 Onehub Page 6 of 18
When installing the private key, make sure that there is no password on it. If there is a
password on the private key, it will prevent the web server from starting. The setup page will
display an error message if a key with a password is attempted to be used:
Ssl private key must be a valid RSA or DSA private key in PEM format,
with no passcode
If your private key has a passcode, its possible to remove it by following the directions at
http://www.akadia.com/services/ssh_test_certicate.html
MAIL
Root Address - any system-generated email by the Onehub Virtual Appliance which would
normally be sent to the root account will be sent to this address.
Relay Host - If you have a designated mail server on LAN which will accept email, provide the
host name here. If your email server requires authentication, click the SASL Authentication
button, and supply SASL credentials.
After the hostname and domain settings are changed and updated, verify that they are correct
by successfully connecting to http://<hostname>.<domain name>/setup (instead of the
numeric IP address).
4. Provision the Code File
After your settings have nalized, you can upload a code le to the Virtual Appliance by clicking
on the Code tab, then clicking on the Onehub Software Package panel, choosing a le, and
clicking Update. Status of the upload will be displayed as code is installed to the virtual
appliance. The code le can be obtained by contacting Onehub.
Onehub Enterprise
Copyright 2012 Onehub Page 7 of 18
5. Verify and Launch Onehub Enterprise
After the package has successfully been uploaded and installed you will automatically be
brought to the Dashboard tab. Wait approximately 30-60 seconds to give services a chance
to start and then verify that all services are marked as started (and green). If there are any
services that are not started (red), click on their START button.
After verifying that all services have started, click the Launch button in the upper right hand
corner. You will be taken to the Onehub Enterprise login screen:
Onehub Enterprise
Copyright 2012 Onehub Page 8 of 18
6. Applying the license
A license is not required during the beta period. After the beta period has expired, a license le
can be uploaded from the code page by clicking the Onehub License File panel, choosing a
supplied license le, and clicking Update.
7. Log in to Onehub Enterprise as Administrator
At the Onehub Enterprise login screen, log in as an Administrator with the following default
credentials:
Email: admin@onehub.local
Password: enterprise
Immediately change the Onehub Administrator password by clicking on the Onehub Admin
drop down menu, and choosing Password.
Onehub Enterprise
Copyright 2012 Onehub Page 9 of 18
Fill out the form on this page to update the password.
Administration
Accessing the Admin Page
To log in as the administrator, use the following credentials:
Email: admin@onehub.local
Password: (same as password setup during installation step 7)
After logging in as a Onehub Administrator you will see a tab titled Admin available to you.
Click on this to access the admin page where you can add accounts and administrate other
functions of the Onehub service.
Onehub Enterprise
Copyright 2012 Onehub Page 10 of 18
Creating Accounts
Within Onehub Enterprise, accounts can be created for separate teams or departments. This
allows them to have their own workspaces and users. Workspaces can still be shared with
users of other accounts.
To create a new account, select the Accounts section on the admin page. From here you can
click the Create Account button to setup a new account in the system. Fill out the required
information including the user who will be designated as the owner of the account and click
Create.
Troubleshooting
Verify Service Operation
The Dashboard page provides a convenient way to determine the status of various subsystems
which comprise Onehub Enterprise. Under normal operation, all services should be Green; in
the event of anomalous system operation, in cooperation with Onehub Support, each
subsystem can be stopped and restarted.
Frequently Asked Questions
Q: I FORGOT MY PASSWORD.
Click on the forgot my password link on the sign in page. To ensure that you receive the forgot
password email, verify that your email server settings are correct from the Settings page.
Onehub Enterprise
Copyright 2012 Onehub Page 11 of 18
Conguring LDAP User Authentication
Onehub Enterprise can be congured to authenticate users through an LDAP server. To
congure this feature, sign in as a Onehub Admin user, go to the Admin tab, then choose the
LDAP menu item.
Adding an LDAP Conguration
Click on Add an LDAP Conguration
An LDAP Conguration species an email domain name for which authentication has been
delegated. For example, supplying acme.com as the email domain would cause all users that
have email addresses ending in acme.com to be validated using LDAP.
Onehub Enterprise
Copyright 2012 Onehub Page 12 of 18
For the kind, specify ldap-ad for Active Directory LDAP.
For the Email Domain eld, enter the value that will match the email addresses for your
organization, and for Domain use the Windows-style domain name.
For the query base, use the default, or edit as necessary for your conguration.
The LDAP host can be specied, or by clicking Find LDAP server via DNS, the LDAP Host
value will be used as the DNS server to initiate a search for the LDAP server. Port should be
set to 636 for LDAPS, and auth_method simple_tls. These values will encrypt communications
between Onehub Enterprise and the LDAP server.
For LDAP Attribute for Email Address, leave this eld blank to use the UserPrincipleName
attribute result from the LDAP query, or provide the name of the eld that has been dened in
your LDAP schema for email addresses. This eld should be left blank if email addresses are
the same as the UserPrincipleName.
Onehub Enterprise
Copyright 2012 Onehub Page 13 of 18
Some email systems (e.g. Microsoft Exchange) store user email aliases in the LDAP
proxyAddresses attribute. If Use proxyAddresses for email aliases is checked, each time
an LDAP user logs in, any pending invitations for that users email addresses (those found in
the proxyAddresses attribute) will be presented to that user. For example, if
Andrew.Will@onehub.com also has an email alias of awill@onehub.com, invitations addressed
to either email address will be presented when Andrew logs in via LDAP.
Example: Acme corp uses the CORP domain, and their users have logins like
CORP\JaneUser and CORP\JoeUser. The email addresses for users are kept in the mail
attribute (which was added by Acme Corps IT department).
Email Domain would be set to corp.acme.com, Domain would be CORP, and the LDAP
Attribute for email address would be mail. A typical user in the Acme Corp CORP domain
would log in as CORP\JoeUser. Their email addresses might be something like
joe.user@acme.com.
Users that have been congured to be authenticated via LDAP will be unable to change their
passwords using Onehub Enterprise (the passwords are kept in the LDAP system); they will
also be unable to change or add email addresses from their Onehub settings.
Onehub Enterprise
Copyright 2012 Onehub Page 14 of 18
Upgrading
Upgrading the Virtual Appliance
To upgrade to a newer version of the Virtual Appliance, follow these steps:
1. Using the settings url (http://<hostname>/setup/settings), log in and note all appliance
conguration values.
2. Shutdown your appliance (using the Virtual Machine console display)
3. Power o# the Virtual Machine (if it did not do so automatically)
4. Back up your virtual machine folder
5. Locate and note the exact lename of the le in the virtual appliances folder ending in
disk2.vmdk. This is the Data Volume.
For example:
Volume in drive C is Acer
Volume Serial Number is 3A1D-2804
Directory of C:\Users\onehub\Documents\Virtual Machines
\enterprise_383d2d00_1344905374_upgrade_2
08/20/2012 04:07 PM 2,542,141,440 enterprise_383d2d00_1344905374_upgrade_2-
disk1.vmdk
08/20/2012 03:54 PM 17,235,968 enterprise_383d2d00_1344905374_upgrade_2-
disk2.vmdk
2 File(s) 2,559,377,408 bytes
0 Dir(s) 889,025,167,360 bytes free
The Data Volume lename in this case would be
enterprise_383d2d00_1344905374_upgrade_2-disk2.vmdk. This is the virtual disk
containing database and les.
6. Back up the le containing the Data Volume.
7. Import the new virtual appliance image le BUT DO NOT POWER IT ON.
8. Move or copy the Data Volume le to the folder containing the newly imported virtual
machine
9. Using the management tools of virtual machine environment:
Onehub Enterprise
Copyright 2012 Onehub Page 15 of 18
! Remove hard disk drive 2 from the old virtual machine
! Add a new hard disk to the newly imported virtual machine, using the existing Data
Volume le that youve moved into this virtual machine directory (step 8), keeping the
existing format.
! Ensure that the disk is available on the new virtual machine as IDE 0:1
10. Power on the new virtual machine
11. Congure the new Enterprise virtual appliance (using the web-based conguration located
at http://<hostname>/setup) using the same settings as the old virtual machine with
particular care to keep the Onehub Administrator passwords identical.
12. Install any new code release
13. Launch the application

Expanding the size of the Data Volume
Onehub Enterprise ships with a default data volume size of 80 GB. As data requirements
change, this size may need to be increased.
To determine the amount of storage being used, log in as the administrator, then click on the
status display in the upper right hand corner of the screen to display the amount of disk,
memory, and CPU being used. If the amount of disk storage used is over 85%, its probably a
good idea to add additional disk storage capacity.
The amount of used/free storage is also shown in the Admin page, and will display a red bar
when free disk space is low.
Onehub Enterprise
Copyright 2012 Onehub Page 16 of 18
While the mechanism for expanding disk volumes is dependent upon the Virtual Environment in
which Onehub Enterprise is used, the concept is similar for all: Expand the Virtual Disk le
containing the Data Volume, then inform the guest operating system that the volume has
expanded.
For VMware, the relevant knowledge base articles include:
http://kb.vmware.com/kb/1004047 (Increasing the size of a virtual disk)
and
http://kb.vmware.com/kb/1004071 (Increasing the size of a disk partition)
Onehub Enterprise uses Ubuntu with LVM -- the Onehub Enterprise data volume is part of the
Logical Volume named data. The article at http://kb.vmware.com/kb/1006371 details how a
newly created and added disk can be added to a logical volume group. The mechanism is
similar to add a new partition on an newly-resized virtual disk.
Onehub Enterprise
Copyright 2012 Onehub Page 17 of 18
Additional Information
Ports used by Onehub Enterprise
Port Direction Purpose
80 incoming Initial HTTP connection to the server; redirects
immediately to port 443
443 incoming Web tra$c
21 incoming FTP control connection
53451-56450 incoming FTP data ports
22 incoming SSH
25 outgoing SMTP
636 outgoing Secure LDAP (if LDAP congured)
53 outgoing DNS Queries (TCP and UDP)
Onehub Enterprise
Copyright 2012 Onehub Page 18 of 18