SlideShare a Scribd company logo

Introduction to Globus for System Administrators

ā€¢
ā€¢
Globus
Globus

We review the Globus Connect Server v5 (GCSv5) architecture and deployment model, and describe the process for creating a Globus endpoint on your HPC cluster, lab server, or other multi-user storage system. You will experiment with installing Globus Connect Server, and configuring basic options on the endpoint.

Software
1 of 55
Download to read offline
Introduction to Globus for System Administrators Brigitte Raumann braumann@uchicago.edu Case Western Reserve University October 23, 2023
Our focus in this session ā€¢ Step by step tutorial on how to make your multi-user storage accessible by your users via Globus ā€¢ Overview of configuration options and best practices
Globus Connect Server v5 Overview
Globus Connect Server v4 will be discontinued December 18, 2023 Migration tools are available, please update!
Globus Connect Server v5 Architecture
Globus Connect Server v5 Architecture
Globus Connect Server v5 Architecture Goal of todayā€™s tutorial
Globus Connect Server install walkthrough docs.globus.org/globus-connect-server docs.globus.org/globus-connect-server/v5.4/quickstart
Globus Connect Server install walkthrough Key Prerequisite: Network Accessibility docs.globus.org/globus-connect-server/v5.4/#open-tcp-ports_section Port 443 must be publicly routable Ports 50000-51000 used only during transfers as needed can be on private net
Globus Connect Server install walkthrough Preliminaries Satisfy technical prerequisites Install GCS packages on your server Deploy Globus Connect Server 1. Set up the endpoint 2. Add data transfer node(s) to the endpoint 3. Create a POSIX storage gateway 4. Create a mapped collection
Configure subscription features 5. Associate endpoint with a subscription 6. Create a guest collection to enable data sharing 7. Enable browser down/upload (HTTPS access) 8. Add non-POSIX storage systems to the endpoint Globus Connect Server install walkthrough
GCS v5 install walkthrough Preliminaries Satisfy technical prerequisites Install GCS packages on your server Already done on your servers.
GCS v5 install walkthrough Install GCS packages on your server $ curl -LOs http://downloads.globus.org/globus-connect- server/stable/installers/repo/deb/globus-repo_latest_all.deb $ dpkg -i globus-repo_latest_all.deb $ apt-key add /usr/share/globus-repo/RPM-GPG-KEY-Globus $ apt-get update $ apt-get --assume-yes install globus-connect-server54 Already done on your servers. docs.globus.org/globus-connect-server/v5.4/#install_section
Claim your server 1. Log into Globus at app.globus.org 2. Select ā€œclaim your virtual machineā€ at bit.ly/gw-tut 3. Enter your name, email address, and identity used to log into Globus then note the number in your server DNS name bit.ly/gw-tut
SSH into your server 1. Open a terminal window on your laptop 2. $ ssh admin<#>@tut<#>.globusdemo.org $ Passwd: $ ssh admin3@tut3.globusdemo.org Example # of your DNS server from the spreadsheet Commands at bit.ly/gw-tut
19
1. Create the Endpoint $ globus-connect-server endpoint setup > "My Endpoint" > --organization "My Organization" > --contact-email me@uchicago.edu > --owner me@globusid.org Commands at bit.ly/gw-tut docs.globus.org/globus-connect-server/v5.4/#create_the_endpoint
What does endpoint setup do? ā€¢ Creates your endpoint in the Globus services ā€¢ Creates the endpoint in Globus Transfer service ā€¢ Registers a Globus Auth client ā€¢ Registers a domain name of endpoint ā€¢ Obtain host certificate for interaction with endpoint ā€¢ Writes deployment-key.json
The Deployment Key ā€¢ Generated by the endpoint setup command ā€¢ Located in deployment-key.json ā€¢ Contains ā€¢ Client ID and secret ā€¢ Encryption key to endpoint configuration stored in the Globus service ā€¢ Used to add data transfer nodes to the endpoint ā€¢ Can be used to recover your deployment ā€¢ Cannot be recovered by Globus ā€¢ Treat it like a password ā€“ know where it is and secure it
Where we are so far
24
Data Transfer Node set up $ sudo globus-connect-server node setup Note: deployment-key.json should be in same directory or specified location What does node setup do? ā€¢ It adds your machine to your endpoint ā€¢ Starts services on your machine Commands at bit.ly/gw-tut docs.globus.org/globus-connect-server/v5.4/#gcsv5-node-setup
Display endpoint details $ globus-connect-server login localhost $ globus-connect-server endpoint show Commands at bit.ly/gw-tut docs.globus.org/globus-connect-server/v5.4/reference/
Where we are so far
28
Storage Gateways policies defineā€¦ ā€¢ Who may use Globus to access your storage? ā€¢ Which parts of the file system are accessible via Globus? ā€¢ What are the authentication requirements? ā€¢ What type of storage? ā€“POSIX or AWS S3* or Google Cloud* or Box* or ā€¦ *Subscription feature
Who may use Globus to access your storage ā€¢ Which Globus users? ā€“Select one or more Globus identity domains ā€¢ Which local users? ā€“ Deny or allow local users or groups ā€¢ How do Globus users relate (map) to local users? ā€“Configure the method to map Globus user to local account Storage Gateways policies defineā€¦ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#creating_a_storage_gateway
Which Globus users? ā€¢ User must have an identity from one of the configured domains ā€“ On access attempts, linked identities will be scanned for a match ā€“ If no identity from the required domain(s), user will be asked to link one ā€“ Note: Domain restriction for data sharing are configured on mapped collection, not storage gateway ā€¢ Identity domains may includeā€¦ ā€“ any organization in the Globus federated IdP list ā€“ your institutionā€™s identity provider trusted by Globus ā€“ a local OpenID Connect (OIDC) server using your PAM stack docs.globus.org/globus-connect-server/v5.4/data-access-guide/#authentication_policies
Which local users? ā€¢ You can further narrow the access universe usingā€¦ --user-allow --user-deny --posix-group-allow (POSIX storage gateways only) --posix-group-deny (POSIX storage gateways only) docs.globus.org/globus-connect-server/v5.4/data-access-guide/#user_access_overview
How do Globus users and local users relate (map)? ā€¢ Default: Strip identity domain (everything after ā€œ@ā€) ā€“ e.g. userX@globusdemo.org maps to local account userX ā€“ Best for campus identities w/synchronized local accounts ā€¢ Use --identity-mapping option on storage gateway ā€“ Specify expression in a JSON document ā€“ Execute a custom script which Globus Connect Server calls when it needs to map an identity. docs.globus.org/globus-connect-server/v5.4/identity-mapping-guide/ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#identity_mapping_overview
gigi@globus.org tennislover@gmail.com jbarker@case.edu rmcnally@case.edu cstanley@case.edu jbarker@state.edu hsiebel@state.edu Mapping identities to local accounts Globus identities Local users dan@iit.edu Allow Globus identity domain case.edu jbarker rmcnally ascott Use default mapping Deny user rmcnally
What parts of the file system are accessible via Globus ā€¢ Can restrict user access via Globus to subtrees ā€“restrict access via Globus to userā€™s home directory, for example ā€¢ Use --restrict_paths to specify narrower read, read/write, or deny access for specific paths ā€“ You provide a JSON doc that lists paths for each permission type Storage Gateways policies defineā€¦ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#data_access_policies
What are the authentication requirements ā€¢ How often should users reauthenticate? ā€“Default 11 days ā€¢ Should extra authentication assurances be required?* ā€“Session isolation? ā€“MFA? *Subscription feature Storage Gateways policies defineā€¦ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#authentication_policies
3. Create a storage gateway $ globus-connect-server storage-gateway create posix > "My POSIX Storage Gateway" > --domain globusid.org > --user-deny root > --authentication-timeout-mins 180 $ globus-connect-server storage-gateway list Commands at bit.ly/gw-tut
Where we are so far
39
Mapped Collection A collection is the data access interface that Globus presents to your user. A mapped collection is only accessible to Globus users that ā€œmapā€ to a local account. docs.globus.org/globus-connect-server/v5.4/data-access-guide/#mapped_collection
Mapped collection policies to consider ā€¢ What is the base path or root of your mapped collection? ā€¢ Topmost directory available to user. Recommend narrowest base path possible ā€¢ Must all transfers be encrypted? ā€¢ Can HTTPS be used to move data? ā€¢ Are users allowed to share* data? If so, what are sharing policies? ā€¢ More policiesā€¦ *Subscription feature docs.globus.org/globus-connect-server/v5.4/data-access-guide/#data_access_collection_create
4. Create a mapped collection $ globus-connect-server collection create > f77ff456-1f18-41d3-94a7-f3fd8858ea4d > / > "State University HPC Center" > --organization "State University" > --contact-email support@example.org > --description "Gamma storage at State U" Specifying "/" as the base path sets the collection root to the local userā€™s home directory Adding metadata to your collection will help your users. Collection base path Storage gateway UUID Commands at bit.ly/gw-tut Collection name
Globus Connect Server v5 Architecture Done!
Access our mapped collection
We are using the default identity mapping, soā€¦ Create a local user account that is the same are your user name in the storage gatewayā€™s allowed domain. ā€“ e.g., for jbaer@case.edu create local account ā€œjbaerā€ $ sudo adduser --disabled-password --gecos 'jbaer' jbaer Access your mapped collection via the web appā€¦ ā€¦and move some files, if you like Commands at bit.ly/gw-tut
Subscription Features
5. Associating your endpoint with a subscription Must be subscription manager. $ globus-connect-server endpoint set-subscription-id or go to app.globus.org/console/endpoints Confirm: $ globus-connect-server endpoint show Commands at bit.ly/gw-tut
Globus Data Sharing ā€¢ Primary access (via a mapped collection) requires an account on the host system ā€¢ Subscribers may allow mapped collection users to share with others who donā€™t have accounts on the host system (via guest collections)
6. Enabling sharing (guest collections) ā€¢ Configure sharing policies on mapped collection ā€¢ You can restrict the authorized accountsā€¦ o --sharing-user-allow --sharing-user-deny o --posix-sharing-group-allow o --posix-sharing-group-deny ā€¢ ā€¦and sharing pathsā€¦ o --sharing-restrict-paths (specify JSON PathRestrictions) ā€¢ You can also set policies for specific user/path combinations o $ globus-connect-server sharing-policy create ...
Data sharing configuration considerations Any restrictions on the sharing permissions levels? Read-only sharing? Read- only for some paths and read/write for other paths? Any restrictions on which users may share? Only users with training may share? Any restrictions on paths that may be shared with guests? Only share home directory? Any user specific sharing policies? Can Alice share any folder she can access, but Bob can only share folders in his home directory? Any restrictions on the identity domain of the guest? No sharing with gmail.com?
Data sharing monitoring and management Admins of mapped collections mayā€¦ View access control lists. Delete access control lists. Delete guest collections. Delete guest collections according to last time they were accessed or created.
7. Enable web browser upload and download ā€¢ Authorized users can upload, download files via a browser ā€¢ Must have permissions to the collection ā€“ Collection configuration governs access ā€“ Web server is a different application (separate authentication)
Using the management console
The Management Console Monitor and manage transfers* ā€¢ Real time overview of transfers in and out of your system ā€¢ Pause or cancel transfers by endpoint or by user Set a pause rule for current and future transfers or users* ā€¢ Ideal for maintenance mode Manage your endpoint ā€¢ Edit metadata* ā€¢ Associate it with a subscription Manage your clients *Subscription feature
Resources ā€¢ GCSv5 Guides: docs.globus.org/globus-connect- server/ ā€¢ Migration: docs.globus.org/globus-connect- server/migrating-to-v5.4/ ā€¢ Globus support: support@globus.org

Recommended

Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Globus
Ā 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
Ā 
Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Globus
Ā 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
Ā 
Migrating to Globus Connect Server v5
Migrating to Globus Connect Server v5Migrating to Globus Connect Server v5
Migrating to Globus Connect Server v5Globus
Ā 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
Ā 
GlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobus
Ā 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
Ā 

Recommended

Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Making Storage Systems Accessible via Globus (GlobusWorld Tour West)
Making Storage Systems Accessible via Globus (GlobusWorld Tour West)Globus
Ā 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
Ā 
Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Connecting Your System to Globus (APS Workshop)
Connecting Your System to Globus (APS Workshop)Globus
Ā 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
Ā 
Migrating to Globus Connect Server v5
Migrating to Globus Connect Server v5Migrating to Globus Connect Server v5
Migrating to Globus Connect Server v5Globus
Ā 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
Ā 
GlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobusWorld 2021 Tutorial: Globus for System Administrators
GlobusWorld 2021 Tutorial: Globus for System AdministratorsGlobus
Ā 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
Ā 
Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration TopicsGlobus
Ā 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
Ā 
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Globus
Ā 
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus
Ā 
Tutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsTutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsGlobus
Ā 
Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus
Ā 
Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus
Ā 
Automating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformAutomating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformGlobus
Ā 
Automating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformAutomating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformGlobus
Ā 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
Ā 
Globus Connect Server v5 Q&A Briefing
Globus Connect Server v5 Q&A BriefingGlobus Connect Server v5 Q&A Briefing
Globus Connect Server v5 Q&A BriefingGlobus
Ā 
Globus Command Line Interface (APS Workshop)
Globus Command Line Interface (APS Workshop)Globus Command Line Interface (APS Workshop)
Globus Command Line Interface (APS Workshop)Globus
Ā 
Globus Endpoint Administration (GlobusWorld Tour - STFC)
Globus Endpoint Administration (GlobusWorld Tour - STFC)Globus Endpoint Administration (GlobusWorld Tour - STFC)
Globus Endpoint Administration (GlobusWorld Tour - STFC)Globus
Ā 
Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus
Ā 
Globus Connect Server 5.1 Webinar
Globus Connect Server 5.1 WebinarGlobus Connect Server 5.1 Webinar
Globus Connect Server 5.1 WebinarGlobus
Ā 
Working with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsWorking with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsGlobus
Ā 
Data Publication and Discovery with Globus
Data Publication and Discovery with GlobusData Publication and Discovery with Globus
Data Publication and Discovery with GlobusGlobus
Ā 
Globus Endpoint Migration and Advanced Administration Topics
Globus Endpoint Migration and Advanced Administration TopicsGlobus Endpoint Migration and Advanced Administration Topics
Globus Endpoint Migration and Advanced Administration TopicsGlobus
Ā 
Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Globus
Ā 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
Ā 
Instrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowInstrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowGlobus
Ā 
Building Research Applications with Globus PaaS
Building Research Applications with Globus PaaSBuilding Research Applications with Globus PaaS
Building Research Applications with Globus PaaSGlobus
Ā 

More Related Content

Similar to Introduction to Globus for System Administrators

Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration TopicsGlobus
Ā 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
Ā 
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Globus
Ā 
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus
Ā 
Tutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsTutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsGlobus
Ā 
Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus
Ā 
Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus
Ā 
Automating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformAutomating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformGlobus
Ā 
Automating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformAutomating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformGlobus
Ā 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
Ā 
Globus Connect Server v5 Q&A Briefing
Globus Connect Server v5 Q&A BriefingGlobus Connect Server v5 Q&A Briefing
Globus Connect Server v5 Q&A BriefingGlobus
Ā 
Globus Command Line Interface (APS Workshop)
Globus Command Line Interface (APS Workshop)Globus Command Line Interface (APS Workshop)
Globus Command Line Interface (APS Workshop)Globus
Ā 
Globus Endpoint Administration (GlobusWorld Tour - STFC)
Globus Endpoint Administration (GlobusWorld Tour - STFC)Globus Endpoint Administration (GlobusWorld Tour - STFC)
Globus Endpoint Administration (GlobusWorld Tour - STFC)Globus
Ā 
Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus
Ā 
Globus Connect Server 5.1 Webinar
Globus Connect Server 5.1 WebinarGlobus Connect Server 5.1 Webinar
Globus Connect Server 5.1 WebinarGlobus
Ā 
Working with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsWorking with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsGlobus
Ā 
Data Publication and Discovery with Globus
Data Publication and Discovery with GlobusData Publication and Discovery with Globus
Data Publication and Discovery with GlobusGlobus
Ā 
Globus Endpoint Migration and Advanced Administration Topics
Globus Endpoint Migration and Advanced Administration TopicsGlobus Endpoint Migration and Advanced Administration Topics
Globus Endpoint Migration and Advanced Administration TopicsGlobus
Ā 
Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Globus
Ā 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
Ā 

Similar to Introduction to Globus for System Administrators (20)

Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration Topics
Ā 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
Ā 
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Introduction to Globus for System Administrators (GlobusWorld Tour - UMich)
Ā 
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 TutorialGlobus Endpoint Setup and Configuration - XSEDE14 Tutorial
Globus Endpoint Setup and Configuration - XSEDE14 Tutorial
Ā 
Tutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System AdministratorsTutorial: Introduction to Globus for System Administrators
Tutorial: Introduction to Globus for System Administrators
Ā 
Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)Globus for System Administrators (CHPC 2019 - South Africa)
Globus for System Administrators (CHPC 2019 - South Africa)
Ā 
Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)Globus for System Administrators (GlobusWorld Tour - UCSD)
Globus for System Administrators (GlobusWorld Tour - UCSD)
Ā 
Automating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformAutomating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus Platform
Ā 
Automating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus PlatformAutomating Research Data Flows and an Introduction to the Globus Platform
Automating Research Data Flows and an Introduction to the Globus Platform
Ā 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System Administrators
Ā 
Globus Connect Server v5 Q&A Briefing
Globus Connect Server v5 Q&A BriefingGlobus Connect Server v5 Q&A Briefing
Globus Connect Server v5 Q&A Briefing
Ā 
Globus Command Line Interface (APS Workshop)
Globus Command Line Interface (APS Workshop)Globus Command Line Interface (APS Workshop)
Globus Command Line Interface (APS Workshop)
Ā 
Globus Endpoint Administration (GlobusWorld Tour - STFC)
Globus Endpoint Administration (GlobusWorld Tour - STFC)Globus Endpoint Administration (GlobusWorld Tour - STFC)
Globus Endpoint Administration (GlobusWorld Tour - STFC)
Ā 
Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)Globus for System Administrators (GlobusWorld Tour - Columbia University)
Globus for System Administrators (GlobusWorld Tour - Columbia University)
Ā 
Globus Connect Server 5.1 Webinar
Globus Connect Server 5.1 WebinarGlobus Connect Server 5.1 Webinar
Globus Connect Server 5.1 Webinar
Ā 
Working with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsWorking with Globus Platform Services and Portals
Working with Globus Platform Services and Portals
Ā 
Data Publication and Discovery with Globus
Data Publication and Discovery with GlobusData Publication and Discovery with Globus
Data Publication and Discovery with Globus
Ā 
Globus Endpoint Migration and Advanced Administration Topics
Globus Endpoint Migration and Advanced Administration TopicsGlobus Endpoint Migration and Advanced Administration Topics
Globus Endpoint Migration and Advanced Administration Topics
Ā 
Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus
Ā 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
Ā 

More from Globus

Instrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowInstrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowGlobus
Ā 
Building Research Applications with Globus PaaS
Building Research Applications with Globus PaaSBuilding Research Applications with Globus PaaS
Building Research Applications with Globus PaaSGlobus
Ā 
Reliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesReliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesGlobus
Ā 
Best Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusBest Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusGlobus
Ā 
An Introduction to Globus for Researchers
An Introduction to Globus for ResearchersAn Introduction to Globus for Researchers
An Introduction to Globus for ResearchersGlobus
Ā 
Introduction to Research Automation with Globus
Introduction to Research Automation with GlobusIntroduction to Research Automation with Globus
Introduction to Research Automation with GlobusGlobus
Ā 
Introduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersIntroduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersGlobus
Ā 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersGlobus
Ā 
Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Globus
Ā 
Automating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeAutomating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeGlobus
Ā 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
Ā 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New UsersGlobus
Ā 
Globus Automation
Globus AutomationGlobus Automation
Globus AutomationGlobus
Ā 
Introduction to Globus
Introduction to GlobusIntroduction to Globus
Introduction to GlobusGlobus
Ā 
Working with Globus Platform Services
Working with Globus Platform ServicesWorking with Globus Platform Services
Working with Globus Platform ServicesGlobus
Ā 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
Ā 
Using Globus to Streamline Research at Scale
Using Globus to Streamline Research at ScaleUsing Globus to Streamline Research at Scale
Using Globus to Streamline Research at ScaleGlobus
Ā 
Introduction to Globus for Researchers
Introduction to Globus for ResearchersIntroduction to Globus for Researchers
Introduction to Globus for ResearchersGlobus
Ā 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New UsersGlobus
Ā 

More from Globus (19)

Instrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowInstrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a Flow
Ā 
Building Research Applications with Globus PaaS
Building Research Applications with Globus PaaSBuilding Research Applications with Globus PaaS
Building Research Applications with Globus PaaS
Ā 
Reliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesReliable, Remote Computation at All Scales
Reliable, Remote Computation at All Scales
Ā 
Best Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusBest Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using Globus
Ā 
An Introduction to Globus for Researchers
An Introduction to Globus for ResearchersAn Introduction to Globus for Researchers
An Introduction to Globus for Researchers
Ā 
Introduction to Research Automation with Globus
Introduction to Research Automation with GlobusIntroduction to Research Automation with Globus
Introduction to Research Automation with Globus
Ā 
Introduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersIntroduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for Researchers
Ā 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for Developers
Ā 
Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)
Ā 
Automating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeAutomating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and Compute
Ā 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
Ā 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New Users
Ā 
Globus Automation
Globus AutomationGlobus Automation
Globus Automation
Ā 
Introduction to Globus
Introduction to GlobusIntroduction to Globus
Introduction to Globus
Ā 
Working with Globus Platform Services
Working with Globus Platform ServicesWorking with Globus Platform Services
Working with Globus Platform Services
Ā 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
Ā 
Using Globus to Streamline Research at Scale
Using Globus to Streamline Research at ScaleUsing Globus to Streamline Research at Scale
Using Globus to Streamline Research at Scale
Ā 
Introduction to Globus for Researchers
Introduction to Globus for ResearchersIntroduction to Globus for Researchers
Introduction to Globus for Researchers
Ā 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New Users
Ā 

Recently uploaded

Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024StefanoLambiase
Ā 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
Ā 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
Ā 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
Ā 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
Ā 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
Ā 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
Ā 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
Ā 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
Ā 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
Ā 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
Ā 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
Ā 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
Ā 
č‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1制作
č‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1åˆ¶ä½œč‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1制作
č‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1制作qr0udbr0
Ā 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
Ā 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
Ā 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
Ā 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
Ā 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
Ā 

Recently uploaded (20)

Hot Sexy call girls in Patel NagaršŸ” 9953056974 šŸ” escort Service
Hot Sexy call girls in Patel NagaršŸ” 9953056974 šŸ” escort ServiceHot Sexy call girls in Patel NagaršŸ” 9953056974 šŸ” escort Service
Hot Sexy call girls in Patel NagaršŸ” 9953056974 šŸ” escort Service
Ā 
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Dealing with Cultural Dispersion ā€” Stefano Lambiase ā€” ICSE-SEIS 2024
Ā 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
Ā 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
Ā 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
Ā 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
Ā 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
Ā 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
Ā 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
Ā 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
Ā 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
Ā 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
Ā 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
Ā 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
Ā 
č‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1制作
č‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1åˆ¶ä½œč‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1制作
č‹±å›½UN学位čƁ,åŒ—å®‰ę™®é”æ大学ęƕäøščƁ书1:1制作
Ā 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Ā 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Ā 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
Ā 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
Ā 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
Ā 

Introduction to Globus for System Administrators

  • 1. Introduction to Globus for System Administrators Brigitte Raumann braumann@uchicago.edu Case Western Reserve University October 23, 2023
  • 2. Our focus in this session ā€¢ Step by step tutorial on how to make your multi-user storage accessible by your users via Globus ā€¢ Overview of configuration options and best practices
  • 4. Globus Connect Server v4 will be discontinued December 18, 2023 Migration tools are available, please update!
  • 5.
  • 6.
  • 7.
  • 8. Globus Connect Server v5 Architecture
  • 9. Globus Connect Server v5 Architecture
  • 10. Globus Connect Server v5 Architecture Goal of todayā€™s tutorial
  • 11. Globus Connect Server install walkthrough docs.globus.org/globus-connect-server docs.globus.org/globus-connect-server/v5.4/quickstart
  • 12. Globus Connect Server install walkthrough Key Prerequisite: Network Accessibility docs.globus.org/globus-connect-server/v5.4/#open-tcp-ports_section Port 443 must be publicly routable Ports 50000-51000 used only during transfers as needed can be on private net
  • 13. Globus Connect Server install walkthrough Preliminaries Satisfy technical prerequisites Install GCS packages on your server Deploy Globus Connect Server 1. Set up the endpoint 2. Add data transfer node(s) to the endpoint 3. Create a POSIX storage gateway 4. Create a mapped collection
  • 14. Configure subscription features 5. Associate endpoint with a subscription 6. Create a guest collection to enable data sharing 7. Enable browser down/upload (HTTPS access) 8. Add non-POSIX storage systems to the endpoint Globus Connect Server install walkthrough
  • 15. GCS v5 install walkthrough Preliminaries Satisfy technical prerequisites Install GCS packages on your server Already done on your servers.
  • 16. GCS v5 install walkthrough Install GCS packages on your server $ curl -LOs http://downloads.globus.org/globus-connect- server/stable/installers/repo/deb/globus-repo_latest_all.deb $ dpkg -i globus-repo_latest_all.deb $ apt-key add /usr/share/globus-repo/RPM-GPG-KEY-Globus $ apt-get update $ apt-get --assume-yes install globus-connect-server54 Already done on your servers. docs.globus.org/globus-connect-server/v5.4/#install_section
  • 17. Claim your server 1. Log into Globus at app.globus.org 2. Select ā€œclaim your virtual machineā€ at bit.ly/gw-tut 3. Enter your name, email address, and identity used to log into Globus then note the number in your server DNS name bit.ly/gw-tut
  • 18. SSH into your server 1. Open a terminal window on your laptop 2. $ ssh admin<#>@tut<#>.globusdemo.org $ Passwd: $ ssh admin3@tut3.globusdemo.org Example # of your DNS server from the spreadsheet Commands at bit.ly/gw-tut
  • 19. 19
  • 20. 1. Create the Endpoint $ globus-connect-server endpoint setup > "My Endpoint" > --organization "My Organization" > --contact-email me@uchicago.edu > --owner me@globusid.org Commands at bit.ly/gw-tut docs.globus.org/globus-connect-server/v5.4/#create_the_endpoint
  • 21. What does endpoint setup do? ā€¢ Creates your endpoint in the Globus services ā€¢ Creates the endpoint in Globus Transfer service ā€¢ Registers a Globus Auth client ā€¢ Registers a domain name of endpoint ā€¢ Obtain host certificate for interaction with endpoint ā€¢ Writes deployment-key.json
  • 22. The Deployment Key ā€¢ Generated by the endpoint setup command ā€¢ Located in deployment-key.json ā€¢ Contains ā€¢ Client ID and secret ā€¢ Encryption key to endpoint configuration stored in the Globus service ā€¢ Used to add data transfer nodes to the endpoint ā€¢ Can be used to recover your deployment ā€¢ Cannot be recovered by Globus ā€¢ Treat it like a password ā€“ know where it is and secure it
  • 24. 24
  • 25. Data Transfer Node set up $ sudo globus-connect-server node setup Note: deployment-key.json should be in same directory or specified location What does node setup do? ā€¢ It adds your machine to your endpoint ā€¢ Starts services on your machine Commands at bit.ly/gw-tut docs.globus.org/globus-connect-server/v5.4/#gcsv5-node-setup
  • 26. Display endpoint details $ globus-connect-server login localhost $ globus-connect-server endpoint show Commands at bit.ly/gw-tut docs.globus.org/globus-connect-server/v5.4/reference/
  • 28. 28
  • 29. Storage Gateways policies defineā€¦ ā€¢ Who may use Globus to access your storage? ā€¢ Which parts of the file system are accessible via Globus? ā€¢ What are the authentication requirements? ā€¢ What type of storage? ā€“POSIX or AWS S3* or Google Cloud* or Box* or ā€¦ *Subscription feature
  • 30. Who may use Globus to access your storage ā€¢ Which Globus users? ā€“Select one or more Globus identity domains ā€¢ Which local users? ā€“ Deny or allow local users or groups ā€¢ How do Globus users relate (map) to local users? ā€“Configure the method to map Globus user to local account Storage Gateways policies defineā€¦ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#creating_a_storage_gateway
  • 31. Which Globus users? ā€¢ User must have an identity from one of the configured domains ā€“ On access attempts, linked identities will be scanned for a match ā€“ If no identity from the required domain(s), user will be asked to link one ā€“ Note: Domain restriction for data sharing are configured on mapped collection, not storage gateway ā€¢ Identity domains may includeā€¦ ā€“ any organization in the Globus federated IdP list ā€“ your institutionā€™s identity provider trusted by Globus ā€“ a local OpenID Connect (OIDC) server using your PAM stack docs.globus.org/globus-connect-server/v5.4/data-access-guide/#authentication_policies
  • 32. Which local users? ā€¢ You can further narrow the access universe usingā€¦ --user-allow --user-deny --posix-group-allow (POSIX storage gateways only) --posix-group-deny (POSIX storage gateways only) docs.globus.org/globus-connect-server/v5.4/data-access-guide/#user_access_overview
  • 33. How do Globus users and local users relate (map)? ā€¢ Default: Strip identity domain (everything after ā€œ@ā€) ā€“ e.g. userX@globusdemo.org maps to local account userX ā€“ Best for campus identities w/synchronized local accounts ā€¢ Use --identity-mapping option on storage gateway ā€“ Specify expression in a JSON document ā€“ Execute a custom script which Globus Connect Server calls when it needs to map an identity. docs.globus.org/globus-connect-server/v5.4/identity-mapping-guide/ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#identity_mapping_overview
  • 34. gigi@globus.org tennislover@gmail.com jbarker@case.edu rmcnally@case.edu cstanley@case.edu jbarker@state.edu hsiebel@state.edu Mapping identities to local accounts Globus identities Local users dan@iit.edu Allow Globus identity domain case.edu jbarker rmcnally ascott Use default mapping Deny user rmcnally
  • 35. What parts of the file system are accessible via Globus ā€¢ Can restrict user access via Globus to subtrees ā€“restrict access via Globus to userā€™s home directory, for example ā€¢ Use --restrict_paths to specify narrower read, read/write, or deny access for specific paths ā€“ You provide a JSON doc that lists paths for each permission type Storage Gateways policies defineā€¦ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#data_access_policies
  • 36. What are the authentication requirements ā€¢ How often should users reauthenticate? ā€“Default 11 days ā€¢ Should extra authentication assurances be required?* ā€“Session isolation? ā€“MFA? *Subscription feature Storage Gateways policies defineā€¦ docs.globus.org/globus-connect-server/v5.4/data-access-guide/#authentication_policies
  • 37. 3. Create a storage gateway $ globus-connect-server storage-gateway create posix > "My POSIX Storage Gateway" > --domain globusid.org > --user-deny root > --authentication-timeout-mins 180 $ globus-connect-server storage-gateway list Commands at bit.ly/gw-tut
  • 39. 39
  • 40. Mapped Collection A collection is the data access interface that Globus presents to your user. A mapped collection is only accessible to Globus users that ā€œmapā€ to a local account. docs.globus.org/globus-connect-server/v5.4/data-access-guide/#mapped_collection
  • 41. Mapped collection policies to consider ā€¢ What is the base path or root of your mapped collection? ā€¢ Topmost directory available to user. Recommend narrowest base path possible ā€¢ Must all transfers be encrypted? ā€¢ Can HTTPS be used to move data? ā€¢ Are users allowed to share* data? If so, what are sharing policies? ā€¢ More policiesā€¦ *Subscription feature docs.globus.org/globus-connect-server/v5.4/data-access-guide/#data_access_collection_create
  • 42. 4. Create a mapped collection $ globus-connect-server collection create > f77ff456-1f18-41d3-94a7-f3fd8858ea4d > / > "State University HPC Center" > --organization "State University" > --contact-email support@example.org > --description "Gamma storage at State U" Specifying "/" as the base path sets the collection root to the local userā€™s home directory Adding metadata to your collection will help your users. Collection base path Storage gateway UUID Commands at bit.ly/gw-tut Collection name
  • 43. Globus Connect Server v5 Architecture Done!
  • 45. We are using the default identity mapping, soā€¦ Create a local user account that is the same are your user name in the storage gatewayā€™s allowed domain. ā€“ e.g., for jbaer@case.edu create local account ā€œjbaerā€ $ sudo adduser --disabled-password --gecos 'jbaer' jbaer Access your mapped collection via the web appā€¦ ā€¦and move some files, if you like Commands at bit.ly/gw-tut
  • 47. 5. Associating your endpoint with a subscription Must be subscription manager. $ globus-connect-server endpoint set-subscription-id or go to app.globus.org/console/endpoints Confirm: $ globus-connect-server endpoint show Commands at bit.ly/gw-tut
  • 48. Globus Data Sharing ā€¢ Primary access (via a mapped collection) requires an account on the host system ā€¢ Subscribers may allow mapped collection users to share with others who donā€™t have accounts on the host system (via guest collections)
  • 49. 6. Enabling sharing (guest collections) ā€¢ Configure sharing policies on mapped collection ā€¢ You can restrict the authorized accountsā€¦ o --sharing-user-allow --sharing-user-deny o --posix-sharing-group-allow o --posix-sharing-group-deny ā€¢ ā€¦and sharing pathsā€¦ o --sharing-restrict-paths (specify JSON PathRestrictions) ā€¢ You can also set policies for specific user/path combinations o $ globus-connect-server sharing-policy create ...
  • 50. Data sharing configuration considerations Any restrictions on the sharing permissions levels? Read-only sharing? Read- only for some paths and read/write for other paths? Any restrictions on which users may share? Only users with training may share? Any restrictions on paths that may be shared with guests? Only share home directory? Any user specific sharing policies? Can Alice share any folder she can access, but Bob can only share folders in his home directory? Any restrictions on the identity domain of the guest? No sharing with gmail.com?
  • 51. Data sharing monitoring and management Admins of mapped collections mayā€¦ View access control lists. Delete access control lists. Delete guest collections. Delete guest collections according to last time they were accessed or created.
  • 52. 7. Enable web browser upload and download ā€¢ Authorized users can upload, download files via a browser ā€¢ Must have permissions to the collection ā€“ Collection configuration governs access ā€“ Web server is a different application (separate authentication)
  • 54. The Management Console Monitor and manage transfers* ā€¢ Real time overview of transfers in and out of your system ā€¢ Pause or cancel transfers by endpoint or by user Set a pause rule for current and future transfers or users* ā€¢ Ideal for maintenance mode Manage your endpoint ā€¢ Edit metadata* ā€¢ Associate it with a subscription Manage your clients *Subscription feature
  • 55. Resources ā€¢ GCSv5 Guides: docs.globus.org/globus-connect- server/ ā€¢ Migration: docs.globus.org/globus-connect- server/migrating-to-v5.4/ ā€¢ Globus support: support@globus.org